From c0b481f87b4b5c7d77b4c021495c29bc0f43ebba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= <flecaille@haproxy.com>
Date: Wed, 2 Feb 2022 15:39:55 +0100
Subject: [PATCH] MINOR: quic: Possible memleak in qc_new_conn()

This should fix Coverity CID 375047 in GH #1536 where <buf_area> could leak because
not always freed by by quic_conn_drop(), especially when not stored in <qc> variable.
---
 src/xprt_quic.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 29cffdeb1..0793967b6 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -3561,7 +3561,7 @@ static struct quic_conn *qc_new_conn(unsigned int version, int ipv4,
 	struct quic_conn *qc;
 	/* Initial CID. */
 	struct quic_connection_id *icid;
-	char *buf_area;
+	char *buf_area = NULL;
 	struct listener *l = NULL;
 
 	TRACE_ENTER(QUIC_EV_CONN_INIT);
@@ -3668,6 +3668,9 @@ static struct quic_conn *qc_new_conn(unsigned int version, int ipv4,
 
  err:
 	TRACE_DEVEL("leaving in error", QUIC_EV_CONN_INIT, qc ? qc : NULL);
+	pool_free(pool_head_quic_conn_rxbuf, buf_area);
+	if (qc)
+		qc->rx.buf.area = NULL;
 	quic_conn_drop(qc);
 	return NULL;
 }