From 3b24641745b32289235d765f441ec60fa7381f99 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 25 Nov 2014 17:10:33 +0100 Subject: [PATCH] BUG/MAJOR: sessions: unlink session from list on out of memory Since embryonic sessions were introduced in 1.5-dev12 with commit 2542b53 ("MAJOR: session: introduce embryonic sessions"), a major bug remained present. If haproxy cannot allocate memory during session_complete() (for example, no more buffers), it will not unlink the new session from the sessions list. This will cause memory corruptions if the memory area from the session is reused for anything else, and may also cause bogus output on "show sess" on the CLI. This fix must be backported to 1.5. --- src/session.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/session.c b/src/session.c index 0ceb031b9..772307495 100644 --- a/src/session.c +++ b/src/session.c @@ -580,6 +580,7 @@ int session_complete(struct session *s) /* and restore the connection pointer in case we destroyed it, * because kill_mini_session() will need it. */ + LIST_DEL(&s->list); s->target = &conn->obj_type; return ret; }
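Review bot: the comment directly above the added `LIST_DEL(&s->list);` in the session_complete() error path still only explains restoring the connection pointer for kill_mini_session(), so the unlink reads as if it were part of that step. Please extend the comment (or add a one-line comment of its own) to say that the session is removed from the sessions list here because it is about to be released, which is the reason given in the commit message. Two things are also worth confirming, since the hunk context does not show them: that every path reaching this cleanup has already linked `s->list`, so the delete never runs on an element that was never added, and that nothing later in the teardown unlinks `s->list` a second time.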