From: Tim Duesterhus <tim@bastelstu.be>
Date: Fri, 10 May 2019 15:50:50 +0000 (+0200)
Subject: BUG/MINOR: vars: Fix memory leak in vars_check_arg
X-Git-Tag: v2.0-dev3~52
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6ea00195c479d96c5aa651adcca3bc3637e3eceb;p=thirdparty%2Fhaproxy.git

BUG/MINOR: vars: Fix memory leak in vars_check_arg

vars_check_arg previously leaked the string containing the variable
name:

Consider this config:

    frontend fe1
        mode http
        bind :8080
        http-request set-header X %[var(txn.host)]

Starting HAProxy and immediately stopping it by sending a SIGINT makes
Valgrind report this leak:

    ==7795== 9 bytes in 1 blocks are definitely lost in loss record 15 of 71
    ==7795==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==7795==    by 0x4AA2AD: my_strndup (standard.c:2227)
    ==7795==    by 0x51FCC5: make_arg_list (arg.c:146)
    ==7795==    by 0x4CF095: sample_parse_expr (sample.c:897)
    ==7795==    by 0x4BA7D7: add_sample_to_logformat_list (log.c:495)
    ==7795==    by 0x4BBB62: parse_logformat_string (log.c:688)
    ==7795==    by 0x4E70A9: parse_http_req_cond (http_rules.c:239)
    ==7795==    by 0x41CD7B: cfg_parse_listen (cfgparse-listen.c:1466)
    ==7795==    by 0x480383: readcfgfile (cfgparse.c:2089)
    ==7795==    by 0x47A081: init (haproxy.c:1581)
    ==7795==    by 0x4049F2: main (haproxy.c:2591)

This leak can be detected even in HAProxy 1.6, this patch thus should
be backported to all supported branches.
---

diff --git a/src/vars.c b/src/vars.c
index 477a146328..aa8bf185d9 100644
--- a/src/vars.c
+++ b/src/vars.c
@@ -510,6 +510,8 @@ int vars_check_arg(struct arg *arg, char **err)
 			     err);
 	if (!name)
 		return 0;
+	free(arg->data.str.area);
+	arg->data.str.area = NULL;
 
 	/* Use the global variable name pointer. */
 	arg->type = ARGT_VAR;