possible memory leak in parseHttpRequest() in client_side.c

If squid is compiled with support for ipfilter and the opening of
/dev/ipnat or the lookup on /dev/ipnat fails, then squid will leak a
clientHttpRequest structure plus other buffers because a new
clientHttpRequest structure is returned by parseHttpRequestAbort().

I hope that the patch below is right. It also removes the free_request
variable because it is not used.

The bugzilla database contains a bug report also related to
/dev/ipnat. The bug id is 157 and the author proposes a fix.

Also I would like to suggest closing the bug id 159. Most leaks
reported there by Purify are not real leaks: the author didn't compile
squid with PURIFY defined in order to turn off the memory pools. The
leak reported in statHistInit() was fixed by one patch from bug id 162.

Thank you,
Radu Greab

Index: src/client_side.c
===================================================================
RCS file: /squid/squid/src/client_side.c,v
retrieving revision 1.512.2.10
diff -u -r1.512.2.10 client_side.c
--- src/client_side.c 2001/04/20 23:21:41 1.512.2.10
+++ src/client_side.c 2001/05/29 22:03:17
@@ -2263,7 +2263,6 @@
     char *token = NULL;
     char *t = NULL;
     char *end;
- int free_request = 0;
     size_t header_sz; /* size of headers, not including first line */
     size_t prefix_sz; /* size of whole request (req-line + headers) */
     size_t url_sz;
@@ -2446,6 +2445,11 @@
             if (natfd < 0) {
                 debug(50, 1) ("parseHttpRequest: NAT open failed: %s\n",
                     xstrerror());
+ dlinkDelete(&http->active, &ClientActiveRequests);
+ xfree(http->uri);
+ cbdataFree(http);
+ memFree(http, MEM_CLIENTHTTPREQUEST);
+ xfree(inbuf);
                 return parseHttpRequestAbort(conn, "error:nat-open-failed");
             }
             /*
@@ -2466,6 +2470,11 @@
                     debug(50, 1) ("parseHttpRequest: NAT lookup failed: ioctl(SIOCGNATL)\n");
                     close(natfd);
                     natfd = -1;
+ dlinkDelete(&http->active, &ClientActiveRequests);
+ xfree(http->uri);
+ cbdataFree(http);
+ memFree(http, MEM_CLIENTHTTPREQUEST);
+ xfree(inbuf);
                     return parseHttpRequestAbort(conn, "error:nat-lookup-failed");
                 } else
                     snprintf(http->uri, url_sz, "http://%s:%d%s",
@@ -2510,8 +2519,6 @@
     else
         http->log_uri = xstrndup(rfc1738_escape_unescaped(http->uri), MAX_URL);
     debug(33, 5) ("parseHttpRequest: Complete request received\n");
- if (free_request)
- safe_free(url);
     xfree(inbuf);
     *status = 1;
     return http;
Received on Wed May 30 2001 - 04:09:53 MDT