From: Christos Tsantilas Date: Tue, 9 Dec 2014 19:29:01 +0000 (+0200) Subject: Deleting first fs left psstate->servers pointing to uninitialized memory X-Git-Tag: merge-candidate-3-v1~441 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=076361789d377ffad125313fbfc32ed31922310b;p=thirdparty%2Fsquid.git Deleting first fs left psstate->servers pointing to uninitialized memory possibly causing infinite loops in peerAddFwdServer(). TODO: The condition itself is excessive. If fs is not nil, the previous check already tells us that the Config.forward_max_tries limit is exceeded. --- diff --git a/src/peer_select.cc b/src/peer_select.cc index 0470784e86..77054912de 100644 --- a/src/peer_select.cc +++ b/src/peer_select.cc @@ -263,11 +263,12 @@ peerSelectDnsPaths(ps_state *psstate) // due to the allocation method of fs, we must deallocate each manually. // TODO: use a std::list so we can get the size and abort adding whenever the selection loops reach Config.forward_max_tries if (fs && psstate->paths->size() >= (unsigned int)Config.forward_max_tries) { + assert(fs == psstate->servers); while (fs) { - FwdServer *next = fs->next; + psstate->servers = fs->next; cbdataReferenceDone(fs->_peer); memFree(fs, MEM_FWD_SERVER); - fs = next; + fs = psstate->servers; } }
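Review bot: The new `assert(fs == psstate->servers);` at the top of the `if` body makes the cleanup depend on an invariant that is only checked at runtime, and nothing in the visible lines shows where `fs` is assigned, so a reader cannot confirm it is always the list head here. A failed assert aborts the process instead of freeing the list. Since the loop now advances `psstate->servers` itself and reloads `fs` from it on each pass, the local `fs` is redundant inside the loop. Iterating directly on the head, for example `while (FwdServer *s = psstate->servers) { psstate->servers = s->next; ... }`, keeps `psstate->servers` valid at every step and null on exit, with no assert needed. The commit message's TODO about the `if` condition being excessive should also be recorded as a comment beside the condition, because the existing TODO in the code only covers the std::list idea.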