We cannot simply `release_sample_expr(rule->arg.vars.expr)` for a `struct act_rule`, because `rule->arg` is a union that might not contain valid `vars`. This leads to a crash on a configuration using `http-request redirect` and possibly others:
frontend http mode http bind 127.0.0.1:80 http-request redirect scheme https Instead a `struct act_rule` has a `release_ptr` that must be used to properly free any additional storage allocated. This patch fixes a regression in commit ff78fcdd7f15c8626c7e70add7a935221ee2920c. It must be backported to whereever that patch is backported. It has be verified that the configuration above no longer crashes. It has also been verified that the configuration in ff78fcdd7f15c8626c7e70add7a935221ee2920c does not leak. --- src/haproxy.c | 1 - src/vars.c | 7 +++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/haproxy.c b/src/haproxy.c index 245ac3b60..6548db6b5 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -2555,7 +2555,6 @@ static void deinit_act_rules(struct list *rules) list_for_each_entry_safe(rule, ruleb, rules, list) { LIST_DEL(&rule->list); deinit_acl_cond(rule->cond); - release_sample_expr(rule->arg.vars.expr); if (rule->release_ptr) rule->release_ptr(rule); free(rule); diff --git a/src/vars.c b/src/vars.c index b154c529d..fd95eed5d 100644 --- a/src/vars.c +++ b/src/vars.c @@ -689,6 +689,11 @@ static enum act_return action_clear(struct act_rule *rule, struct proxy *px, return ACT_RET_CONT; } +static void release_store_rule(struct act_rule *rule) +{ + release_sample_expr(rule->arg.vars.expr); +} + /* This two function checks the variable name and replace the * configuration string name by the global string name. its * the same string, but the global pointer can be easy to @@ -758,6 +763,7 @@ static enum act_parse_ret parse_store(const char **args, int *arg, struct proxy if (!set_var) { rule->action = ACT_CUSTOM; rule->action_ptr = action_clear; + rule->release_ptr = release_store_rule; return ACT_RET_PRS_OK; } @@ -791,6 +797,7 @@ static enum act_parse_ret parse_store(const char **args, int *arg, struct proxy rule->action = ACT_CUSTOM; rule->action_ptr = action_store; + rule->release_ptr = release_store_rule; return ACT_RET_PRS_OK; } -- 2.27.0