BUG/MAJOR: sessions: unlink session from list on out of memory

Since embryonic sessions were introduced in 1.5-dev12 with commit
2542b53 ("MAJOR: session: introduce embryonic sessions"), a major
bug remained present. If haproxy cannot allocate memory during
session_complete() (for example, no more buffers), it will not
unlink the new session from the sessions list. This will cause
memory corruptions if the memory area from the session is reused
for anything else, and may also cause bogus output on "show sess"
on the CLI.

This fix must be backported to 1.5.
Willy Tarreau 2014-11-25 17:10:33 +01:00
parent c9a0f6d023
commit 3b24641745

@ -580,6 +580,7 @@ int session_complete(struct session *s)
/* and restore the connection pointer in case we destroyed it, /* and restore the connection pointer in case we destroyed it,
* because kill_mini_session() will need it. * because kill_mini_session() will need it.
*/ */
LIST_DEL(&s->list);
s->target = &conn->obj_type; s->target = &conn->obj_type;
return ret; return ret;
} }
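Review bot: the added LIST_DEL(&s->list) sits between the existing comment and the s->target assignment that comment documents, so the comment now reads as if it described the unlink. Move the LIST_DEL above the comment, or give it its own short comment stating that the session must be removed from the sessions list on this failure path before its memory can be reused. It is also worth confirming that nothing later on this path, kill_mini_session() included, unlinks s->list a second time.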