git.ipfire.org Git - thirdparty/haproxy.git/commit

]> git.ipfire.org Git - thirdparty/haproxy.git/commit

projects / thirdparty / haproxy.git / commit

author	Willy Tarreau <w@1wt.eu>
	Tue, 21 Mar 2023 09:50:51 +0000 (10:50 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Tue, 21 Mar 2023 09:50:51 +0000 (10:50 +0100)
commit	465a6c850629bd1fbbecb028af631ff81bd09e11
tree	cb8248b552dd156c9bf631fa031cc7fa5ade782e	tree
parent	a220e59ad8dd44cd71484ab5a207ed08f219c737	commit \| diff

BUG/MEDIUM: applet: only set appctx->sedesc on successful allocation

If appctx_new_on() fails to allocate a task, it will not remove the
freshly allocated sedesc from the appctx despite freeing it, causing
a UAF. Let's only assign appctx->sedesc upon success.

This needs to be backported to 2.6. In 2.6 the function is slightly
different and called appctx_new(), though the issue is exactly the
same.

src/applet.c

diff | blob | blame | history

Mirror of https://github.com/haproxy/haproxy.git

RSS Atom