From 9fa0df55cd5ce001730c55d928355ec8938c57b3 Mon Sep 17 00:00:00 2001
From: Tim Duesterhus <tim@bastelstu.be>
Date: Sat, 4 Jul 2020 11:49:38 +0200
Subject: [PATCH] BUG/MINOR: acl: Fix freeing of expr->smp in prune_acl_expr

Instead of simply calling free() in expr->smp->arg_p in certain cases
properly free the sample using release_sample_expr().

Given the following example configuration:

    frontend foo
    	bind *:8080
    	mode http
    	http-request set-var(txn.foo) str(bar)
    	acl is_match str(foo),strcmp(txn.hash) -m bool

Running a configuration check within valgrind reports:

    ==31371== 160 (48 direct, 112 indirect) bytes in 1 blocks are definitely lost in loss record 35 of 45
    ==31371==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==31371==    by 0x4C3832: sample_parse_expr (sample.c:876)
    ==31371==    by 0x56B3E0: parse_acl_expr (acl.c:319)
    ==31371==    by 0x56BA4F: parse_acl (acl.c:697)
    ==31371==    by 0x48D225: cfg_parse_listen (cfgparse-listen.c:816)
    ==31371==    by 0x4797C3: readcfgfile (cfgparse.c:2167)
    ==31371==    by 0x5293ED: init (haproxy.c:2021)
    ==31371==    by 0x41F382: main (haproxy.c:3126)

After this patch this leak is reduced. It will be fully removed in a
follow up patch:

    ==32503== 32 bytes in 1 blocks are definitely lost in loss record 20 of 43
    ==32503==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==32503==    by 0x4C39B5: sample_parse_expr (sample.c:982)
    ==32503==    by 0x56B410: parse_acl_expr (acl.c:319)
    ==32503==    by 0x56BA7F: parse_acl (acl.c:697)
    ==32503==    by 0x48D225: cfg_parse_listen (cfgparse-listen.c:816)
    ==32503==    by 0x4797C3: readcfgfile (cfgparse.c:2167)
    ==32503==    by 0x52943D: init (haproxy.c:2021)
    ==32503==    by 0x41F382: main (haproxy.c:3133)

This is a fairly minor leak that can only be observed if ACLs need to be
freed, which is not something that should occur during normal processing
and most likely only during shut down. Thus no backport should be needed.
---
 src/acl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/acl.c b/src/acl.c
index 5fea5dcc2a..014269e74c 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -117,8 +117,8 @@ static struct acl_expr *prune_acl_expr(struct acl_expr *expr)
 		}
 	}
 
-	if (expr->smp->arg_p != empty_arg_list && !unresolved)
-		free(expr->smp->arg_p);
+	release_sample_expr(expr->smp);
+
 	return expr;
 }
 
-- 
2.39.5