From: Willy Tarreau <w@1wt.eu>
Date: Mon, 20 Mar 2023 18:53:14 +0000 (+0100)
Subject: BUG/MINOR: stconn: fix sedesc memory leak on stream allocation failure
X-Git-Tag: v2.8-dev6~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7a8ca0a0633e120c5b82de81f03c31cc39a17cb1;p=thirdparty%2Fhaproxy.git

BUG/MINOR: stconn: fix sedesc memory leak on stream allocation failure

If we fail to allocate a new stream in sc_new_from_endp(), and the call
to sc_new() allocated the sedesc itself (which normally doesn't happen),
then it doesn't get released on the failure path. Let's explicitly
handle this case so that it's not overlooked and avoids some head
scratching sessions.

This may be backported to 2.6.
---

diff --git a/src/stconn.c b/src/stconn.c
index e1266a4ebc..f84ae6a0f5 100644
--- a/src/stconn.c
+++ b/src/stconn.c
@@ -171,8 +171,12 @@ struct stconn *sc_new_from_endp(struct sedesc *sd, struct session *sess, struct
 	if (unlikely(!sc))
 		return NULL;
 	if (unlikely(!stream_new(sess, sc, input))) {
-		pool_free(pool_head_connstream, sc);
 		sd->sc = NULL;
+		if (sc->sedesc != sd) {
+			/* none was provided so sc_new() allocated one */
+			sedesc_free(sc->sedesc);
+		}
+		pool_free(pool_head_connstream, sc);
 		se_fl_set(sd, SE_FL_ORPHAN);
 		return NULL;
 	}