From: Frédéric Lécaille <flecaille@haproxy.com>
Date: Wed, 2 Feb 2022 14:39:55 +0000 (+0100)
Subject: MINOR: quic: Possible memleak in qc_new_conn()
X-Git-Tag: v2.6-dev2~163
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0b481f87b4b5c7d77b4c021495c29bc0f43ebba;p=thirdparty%2Fhaproxy.git

MINOR: quic: Possible memleak in qc_new_conn()

This should fix Coverity CID 375047 in GH #1536 where <buf_area> could leak because
not always freed by by quic_conn_drop(), especially when not stored in <qc> variable.
---

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 29cffdeb13..0793967b62 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -3561,7 +3561,7 @@ static struct quic_conn *qc_new_conn(unsigned int version, int ipv4,
 	struct quic_conn *qc;
 	/* Initial CID. */
 	struct quic_connection_id *icid;
-	char *buf_area;
+	char *buf_area = NULL;
 	struct listener *l = NULL;
 
 	TRACE_ENTER(QUIC_EV_CONN_INIT);
@@ -3668,6 +3668,9 @@ static struct quic_conn *qc_new_conn(unsigned int version, int ipv4,
 
  err:
 	TRACE_DEVEL("leaving in error", QUIC_EV_CONN_INIT, qc ? qc : NULL);
+	pool_free(pool_head_quic_conn_rxbuf, buf_area);
+	if (qc)
+		qc->rx.buf.area = NULL;
 	quic_conn_drop(qc);
 	return NULL;
 }