BUG/MINOR: tcpcheck: Fix double free on error path when parsing tcp/http-check

When a "tcp-check" or a "http-check" rule is parsed, we try to get the
previous rule in the ruleset to get its index. We must take care to reset
the pointer on this rule in case an error is triggered later on the
parsing. Otherwise, the same rule may be released twice. For instance, it
happens with such line :

    http-check meth GET uri / ## note there is no "send" parameter

This patch must be backported as far as 2.2.

diff --git a/src/tcpcheck.c b/src/tcpcheck.c
index 535c82c89b4ed4e53ff9954b4e10b3a2ddddd7e4..55ecd2383e58c2ca2a86fc69847560d24f846179 100644 (file)
--- a/src/tcpcheck.c
+++ b/src/tcpcheck.c
@@ -3708,6 +3708,7 @@ static int proxy_parse_tcpcheck(char **args, int section, struct proxy *curpx,
        if (!LIST_ISEMPTY(&rs->rules)) {
                chk = LIST_PREV(&rs->rules, typeof(chk), list);
                index = chk->index + 1;
+               chk = NULL;
        }
 
        cur_arg = 1;
@@ -3809,6 +3810,7 @@ static int proxy_parse_httpcheck(char **args, int section, struct proxy *curpx,
                chk = LIST_PREV(&rs->rules, typeof(chk), list);
                if (chk->action != TCPCHK_ACT_SEND || !(chk->send.http.flags & TCPCHK_SND_HTTP_FROM_OPT))
                        index = chk->index + 1;
+               chk = NULL;
        }
 
        if (strcmp(args[cur_arg], "connect") == 0)