Package: haproxy / 1.5.8-3+deb8u2

from-upstream/0007-BUG-MAJOR-sessions-unlink-session-from-list-on-out-o.patch
From 7f399f63f2d8414c6ef7ebde45db3689ad6453b9 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Tue, 25 Nov 2014 17:10:33 +0100
Subject: [PATCH 7/9] BUG/MAJOR: sessions: unlink session from list on out of
 memory

Since embryonic sessions were introduced in 1.5-dev12 with commit
2542b53 ("MAJOR: session: introduce embryonic sessions"), a major
bug remained present. If haproxy cannot allocate memory during
session_complete() (for example, no more buffers), it will not
unlink the new session from the sessions list. This will cause
memory corruptions if the memory area from the session is reused
for anything else, and may also cause bogus output on "show sess"
on the CLI.

This fix must be backported to 1.5.
(cherry picked from commit 3b24641745b32289235d765f441ec60fa7381f99)
---
 src/session.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/session.c b/src/session.c
index df85170cd13a..5b9e407118a3 100644
--- a/src/session.c
+++ b/src/session.c
@@ -579,6 +579,7 @@ int session_complete(struct session *s)
 	/* and restore the connection pointer in case we destroyed it,
 	 * because kill_mini_session() will need it.
 	 */
+	LIST_DEL(&s->list);
 	s->target = &conn->obj_type;
 	return ret;
 }
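Review bot: the added LIST_DEL(&s->list) sits between the existing comment ("and restore the connection pointer in case we destroyed it ...") and the s->target assignment that the comment describes, so the comment now appears to document the unlink instead. Move the LIST_DEL above the comment block and give it a one-line comment of its own stating that the session has to leave the sessions list on this failure path, which is the reason the commit message gives. Only the tail of session_complete() is visible in this hunk, so it is also worth confirming that every path reaching this return has already linked s->list, since unlinking an element that was never added would itself corrupt the list.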
-- 
2.1.3