From c950f48e7aa22f1903ec6a9b233c577b0fbba3fc Mon Sep 17 00:00:00 2001 From: Thomas Heil Date: Thu, 20 Nov 2014 14:29:40 +0100 Subject: [PATCH] haproxy: patches from upstream - [PATCH 1/6] BUILD: fix "make install" to support spaces in the - [PATCH 2/6] BUG/MEDIUM: ssl: fix bad ssl context init can cause - [PATCH 3/6] BUG/MEDIUM: ssl: force a full GC in case of memory - [PATCH 4/6] BUG/MEDIUM: checks: fix conflicts between agent checks - [PATCH 5/6] BUG/MINOR: config: don't inherit the default balance - [PATCH 6/6] BUG/MAJOR: frontend: initialize capture pointers earlier Signed-off-by: Thomas Heil --- net/haproxy/Makefile | 2 +- ...nstall-to-support-spaces-in-the-inst.patch | 46 ++++++++ ...ix-bad-ssl-context-init-can-cause-se.patch | 87 +++++++++++++++ ...orce-a-full-GC-in-case-of-memory-sho.patch | 104 ++++++++++++++++++ ...s-fix-conflicts-between-agent-checks.patch | 102 +++++++++++++++++ ...-don-t-inherit-the-default-balance-a.patch | 42 +++++++ ...nd-initialize-capture-pointers-earli.patch | 59 ++++++++++ 7 files changed, 441 insertions(+), 1 deletion(-) create mode 100644 net/haproxy/patches/0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch create mode 100644 net/haproxy/patches/0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch create mode 100644 net/haproxy/patches/0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch create mode 100644 net/haproxy/patches/0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch create mode 100644 net/haproxy/patches/0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch create mode 100644 net/haproxy/patches/0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile index 7330bb6ca8..dc254bc709 100644 --- a/net/haproxy/Makefile +++ b/net/haproxy/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=haproxy PKG_VERSION:=1.5.8 -PKG_RELEASE:=00 +PKG_RELEASE:=06 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.5/src/ PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) diff --git a/net/haproxy/patches/0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch b/net/haproxy/patches/0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch new file mode 100644 index 0000000000..27a41ce77a --- /dev/null +++ b/net/haproxy/patches/0001-BUILD-fix-make-install-to-support-spaces-in-the-inst.patch @@ -0,0 +1,46 @@ +From 184422d39df1aa27e6ef4c1ae75177489147ec99 Mon Sep 17 00:00:00 2001 +From: Arcadiy Ivanov +Date: Tue, 4 Nov 2014 07:06:13 -0500 +Subject: [PATCH 1/6] BUILD: fix "make install" to support spaces in the + install dirs + +Makefile is unable to install into directories containing spaces. +(cherry picked from commit 3785311e64792787de78370fa126fd806734f7fe) +--- + Makefile | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/Makefile b/Makefile +index 707037b..9556069 100644 +--- a/Makefile ++++ b/Makefile +@@ -710,19 +710,19 @@ src/dlmalloc.o: $(DLMALLOC_SRC) + $(CC) $(COPTS) -DDEFAULT_MMAP_THRESHOLD=$(DLMALLOC_THRES) -c -o $@ $< + + install-man: +- install -d $(DESTDIR)$(MANDIR)/man1 +- install -m 644 doc/haproxy.1 $(DESTDIR)$(MANDIR)/man1 ++ install -d "$(DESTDIR)$(MANDIR)"/man1 ++ install -m 644 doc/haproxy.1 "$(DESTDIR)$(MANDIR)"/man1 + + install-doc: +- install -d $(DESTDIR)$(DOCDIR) ++ install -d "$(DESTDIR)$(DOCDIR)" + for x in configuration architecture haproxy-en haproxy-fr; do \ +- install -m 644 doc/$$x.txt $(DESTDIR)$(DOCDIR) ; \ ++ install -m 644 doc/$$x.txt "$(DESTDIR)$(DOCDIR)" ; \ + done + + install-bin: haproxy haproxy-systemd-wrapper +- install -d $(DESTDIR)$(SBINDIR) +- install haproxy $(DESTDIR)$(SBINDIR) +- install haproxy-systemd-wrapper $(DESTDIR)$(SBINDIR) ++ install -d "$(DESTDIR)$(SBINDIR)" ++ install haproxy "$(DESTDIR)$(SBINDIR)" ++ install haproxy-systemd-wrapper "$(DESTDIR)$(SBINDIR)" + + install: install-bin install-man install-doc + +-- +2.0.4 + diff --git a/net/haproxy/patches/0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch b/net/haproxy/patches/0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch new file mode 100644 index 0000000000..33f35b3cf8 --- /dev/null +++ b/net/haproxy/patches/0002-BUG-MEDIUM-ssl-fix-bad-ssl-context-init-can-cause-se.patch @@ -0,0 +1,87 @@ +From 90951497008967f10ba8f9927b53c6e6bc138540 Mon Sep 17 00:00:00 2001 +From: Emeric Brun +Date: Wed, 12 Nov 2014 17:35:37 +0100 +Subject: [PATCH 2/6] BUG/MEDIUM: ssl: fix bad ssl context init can cause + segfault in case of OOM. + +Some SSL context's init functions errors were not handled and +can cause a segfault due to an incomplete SSL context +initialization. + +This fix must be backported to 1.5. +(cherry picked from commit 5547615cdac377797ae351a2e024376dbf6d6963) +--- + src/ssl_sock.c | 44 ++++++++++++++++++++++++++++++++++---------- + 1 file changed, 34 insertions(+), 10 deletions(-) + +diff --git a/src/ssl_sock.c b/src/ssl_sock.c +index f8bfbe7..620609f 100644 +--- a/src/ssl_sock.c ++++ b/src/ssl_sock.c +@@ -2040,15 +2040,29 @@ static int ssl_sock_init(struct connection *conn) + return -1; + } + +- SSL_set_connect_state(conn->xprt_ctx); +- if (objt_server(conn->target)->ssl_ctx.reused_sess) +- SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess); +- + /* set fd on SSL session context */ +- SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd); ++ if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) { ++ SSL_free(conn->xprt_ctx); ++ conn->xprt_ctx = NULL; ++ conn->err_code = CO_ER_SSL_NO_MEM; ++ return -1; ++ } + + /* set connection pointer */ +- SSL_set_app_data(conn->xprt_ctx, conn); ++ if (!SSL_set_app_data(conn->xprt_ctx, conn)) { ++ SSL_free(conn->xprt_ctx); ++ conn->xprt_ctx = NULL; ++ conn->err_code = CO_ER_SSL_NO_MEM; ++ return -1; ++ } ++ ++ SSL_set_connect_state(conn->xprt_ctx); ++ if (objt_server(conn->target)->ssl_ctx.reused_sess) { ++ if(!SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess)) { ++ SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess); ++ objt_server(conn->target)->ssl_ctx.reused_sess = NULL; ++ } ++ } + + /* leave init state and start handshake */ + conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN; +@@ -2065,13 +2079,23 @@ static int ssl_sock_init(struct connection *conn) + return -1; + } + +- SSL_set_accept_state(conn->xprt_ctx); +- + /* set fd on SSL session context */ +- SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd); ++ if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) { ++ SSL_free(conn->xprt_ctx); ++ conn->xprt_ctx = NULL; ++ conn->err_code = CO_ER_SSL_NO_MEM; ++ return -1; ++ } + + /* set connection pointer */ +- SSL_set_app_data(conn->xprt_ctx, conn); ++ if (!SSL_set_app_data(conn->xprt_ctx, conn)) { ++ SSL_free(conn->xprt_ctx); ++ conn->xprt_ctx = NULL; ++ conn->err_code = CO_ER_SSL_NO_MEM; ++ return -1; ++ } ++ ++ SSL_set_accept_state(conn->xprt_ctx); + + /* leave init state and start handshake */ + conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN; +-- +2.0.4 + diff --git a/net/haproxy/patches/0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch b/net/haproxy/patches/0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch new file mode 100644 index 0000000000..422471dd2c --- /dev/null +++ b/net/haproxy/patches/0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch @@ -0,0 +1,104 @@ +From 9bcc01ae25985dd540080f43b160beab1f1a2bc6 Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Thu, 13 Nov 2014 13:48:58 +0100 +Subject: [PATCH 3/6] BUG/MEDIUM: ssl: force a full GC in case of memory + shortage + +When memory becomes scarce and openssl refuses to allocate a new SSL +session, it is worth freeing the pools and trying again instead of +rejecting all incoming SSL connection. This can happen when some +memory usage limits have been assigned to the haproxy process using +-m or with ulimit -m/-v. + +This is mostly an enhancement of previous fix and is worth backporting +to 1.5. +(cherry picked from commit fba03cdc5ac6e3ca318b34915596cbc0a0dacc55) +--- + src/ssl_sock.c | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +diff --git a/src/ssl_sock.c b/src/ssl_sock.c +index 620609f..f50efe5 100644 +--- a/src/ssl_sock.c ++++ b/src/ssl_sock.c +@@ -2033,9 +2033,16 @@ static int ssl_sock_init(struct connection *conn) + /* If it is in client mode initiate SSL session + in connect state otherwise accept state */ + if (objt_server(conn->target)) { ++ int may_retry = 1; ++ ++ retry_connect: + /* Alloc a new SSL session ctx */ + conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx); + if (!conn->xprt_ctx) { ++ if (may_retry--) { ++ pool_gc2(); ++ goto retry_connect; ++ } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } +@@ -2044,6 +2051,10 @@ static int ssl_sock_init(struct connection *conn) + if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) { + SSL_free(conn->xprt_ctx); + conn->xprt_ctx = NULL; ++ if (may_retry--) { ++ pool_gc2(); ++ goto retry_connect; ++ } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } +@@ -2052,6 +2063,10 @@ static int ssl_sock_init(struct connection *conn) + if (!SSL_set_app_data(conn->xprt_ctx, conn)) { + SSL_free(conn->xprt_ctx); + conn->xprt_ctx = NULL; ++ if (may_retry--) { ++ pool_gc2(); ++ goto retry_connect; ++ } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } +@@ -2072,9 +2087,16 @@ static int ssl_sock_init(struct connection *conn) + return 0; + } + else if (objt_listener(conn->target)) { ++ int may_retry = 1; ++ ++ retry_accept: + /* Alloc a new SSL session ctx */ + conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->default_ctx); + if (!conn->xprt_ctx) { ++ if (may_retry--) { ++ pool_gc2(); ++ goto retry_accept; ++ } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } +@@ -2083,6 +2105,10 @@ static int ssl_sock_init(struct connection *conn) + if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) { + SSL_free(conn->xprt_ctx); + conn->xprt_ctx = NULL; ++ if (may_retry--) { ++ pool_gc2(); ++ goto retry_accept; ++ } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } +@@ -2091,6 +2117,10 @@ static int ssl_sock_init(struct connection *conn) + if (!SSL_set_app_data(conn->xprt_ctx, conn)) { + SSL_free(conn->xprt_ctx); + conn->xprt_ctx = NULL; ++ if (may_retry--) { ++ pool_gc2(); ++ goto retry_accept; ++ } + conn->err_code = CO_ER_SSL_NO_MEM; + return -1; + } +-- +2.0.4 + diff --git a/net/haproxy/patches/0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch b/net/haproxy/patches/0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch new file mode 100644 index 0000000000..7a741fbbb5 --- /dev/null +++ b/net/haproxy/patches/0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch @@ -0,0 +1,102 @@ +From 1f96a87c4e1412ccdc6cfe81bfd6f20a1782886a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Cyril=20Bont=C3=A9?= +Date: Sat, 15 Nov 2014 22:41:27 +0100 +Subject: [PATCH 4/6] BUG/MEDIUM: checks: fix conflicts between agent checks + and ssl healthchecks + +Lasse Birnbaum Jensen reported an issue when agent checks are used at the same +time as standard healthchecks when SSL is enabled on the server side. + +The symptom is that agent checks try to communicate in SSL while it should +manage raw data. This happens because the transport layer is shared between all +kind of checks. + +To fix the issue, the transport layer is now stored in each check type, +allowing to use SSL healthchecks when required, while an agent check should +always use the raw_sock implementation. + +The fix must be backported to 1.5. +(cherry picked from commit 9ce1311ebc834e20addc7a8392c0fc4e4ad687b7) +--- + include/types/checks.h | 3 ++- + include/types/server.h | 1 - + src/checks.c | 2 +- + src/server.c | 2 +- + src/ssl_sock.c | 2 +- + 5 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/include/types/checks.h b/include/types/checks.h +index a50043b..42b7b07 100644 +--- a/include/types/checks.h ++++ b/include/types/checks.h +@@ -125,6 +125,7 @@ enum { + }; + + struct check { ++ struct xprt_ops *xprt; /* transport layer operations for health checks */ + struct connection *conn; /* connection state for health checks */ + unsigned short port; /* the port to use for the health checks */ + struct buffer *bi, *bo; /* input and output buffers to send/recv check */ +@@ -132,7 +133,7 @@ struct check { + struct timeval start; /* last health check start time */ + long duration; /* time in ms took to finish last health check */ + short status, code; /* check result, check code */ +- char desc[HCHK_DESC_LEN]; /* health check descritpion */ ++ char desc[HCHK_DESC_LEN]; /* health check description */ + int use_ssl; /* use SSL for health checks */ + int send_proxy; /* send a PROXY protocol header with checks */ + struct tcpcheck_rule *current_step; /* current step when using tcpcheck */ +diff --git a/include/types/server.h b/include/types/server.h +index 313f58d..c419b40 100644 +--- a/include/types/server.h ++++ b/include/types/server.h +@@ -194,7 +194,6 @@ struct server { + + struct { /* configuration used by health-check and agent-check */ + struct protocol *proto; /* server address protocol for health checks */ +- struct xprt_ops *xprt; /* transport layer operations for health checks */ + struct sockaddr_storage addr; /* the address to check, if different from */ + } check_common; + +diff --git a/src/checks.c b/src/checks.c +index 5318f35..84bf0e5 100644 +--- a/src/checks.c ++++ b/src/checks.c +@@ -1413,7 +1413,7 @@ static int connect_chk(struct task *t) + + /* prepare a new connection */ + conn_init(conn); +- conn_prepare(conn, s->check_common.proto, s->check_common.xprt); ++ conn_prepare(conn, s->check_common.proto, check->xprt); + conn_attach(conn, check, &check_conn_cb); + conn->target = &s->obj_type; + +diff --git a/src/server.c b/src/server.c +index fdb63cc..94a31b6 100644 +--- a/src/server.c ++++ b/src/server.c +@@ -929,7 +929,7 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr + + newsrv->addr = *sk; + newsrv->proto = newsrv->check_common.proto = protocol_by_family(newsrv->addr.ss_family); +- newsrv->xprt = newsrv->check_common.xprt = &raw_sock; ++ newsrv->xprt = newsrv->check.xprt = newsrv->agent.xprt = &raw_sock; + + if (!newsrv->proto) { + Alert("parsing [%s:%d] : Unknown protocol family %d '%s'\n", +diff --git a/src/ssl_sock.c b/src/ssl_sock.c +index f50efe5..b73d6f9 100644 +--- a/src/ssl_sock.c ++++ b/src/ssl_sock.c +@@ -1812,7 +1812,7 @@ int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy) + if (srv->use_ssl) + srv->xprt = &ssl_sock; + if (srv->check.use_ssl) +- srv->check_common.xprt = &ssl_sock; ++ srv->check.xprt = &ssl_sock; + + srv->ssl_ctx.ctx = SSL_CTX_new(SSLv23_client_method()); + if (!srv->ssl_ctx.ctx) { +-- +2.0.4 + diff --git a/net/haproxy/patches/0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch b/net/haproxy/patches/0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch new file mode 100644 index 0000000000..1ca2efe0d7 --- /dev/null +++ b/net/haproxy/patches/0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch @@ -0,0 +1,42 @@ +From cac307c020db7a938b73d4fef27a3b4ad2ecdf6a Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Tue, 18 Nov 2014 15:04:29 +0100 +Subject: [PATCH 5/6] BUG/MINOR: config: don't inherit the default balance + algorithm in frontends + +Tom Limoncelli from Stack Exchange reported a minor bug : the frontend +inherits the LB parameters from the defaults sections. The impact is +that if a "balance" directive uses any L7 parameter in the defaults +sections and the frontend is in TCP mode, a warning is emitted about +their incompatibility. The warning is harmless but a valid, sane config +should never cause any warning to be reported. + +This fix should be backported into 1.5 and possibly 1.4. +(cherry picked from commit 743c128580ee29c8f073b4a29771a5ce715f3721) +--- + src/cfgparse.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/cfgparse.c b/src/cfgparse.c +index 392a692..40d20ab 100644 +--- a/src/cfgparse.c ++++ b/src/cfgparse.c +@@ -2003,7 +2003,6 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) + curproxy->no_options = defproxy.no_options; + curproxy->no_options2 = defproxy.no_options2; + curproxy->bind_proc = defproxy.bind_proc; +- curproxy->lbprm.algo = defproxy.lbprm.algo; + curproxy->except_net = defproxy.except_net; + curproxy->except_mask = defproxy.except_mask; + curproxy->except_to = defproxy.except_to; +@@ -2037,6 +2036,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) + } + + if (curproxy->cap & PR_CAP_BE) { ++ curproxy->lbprm.algo = defproxy.lbprm.algo; + curproxy->fullconn = defproxy.fullconn; + curproxy->conn_retries = defproxy.conn_retries; + curproxy->max_ka_queue = defproxy.max_ka_queue; +-- +2.0.4 + diff --git a/net/haproxy/patches/0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch b/net/haproxy/patches/0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch new file mode 100644 index 0000000000..835461cdb3 --- /dev/null +++ b/net/haproxy/patches/0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch @@ -0,0 +1,59 @@ +From 8ba50128832bb31e95f06fe4cb2bd172f2b945fe Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Tue, 18 Nov 2014 18:49:19 +0100 +Subject: [PATCH 6/6] BUG/MAJOR: frontend: initialize capture pointers earlier + +Denys Fedoryshchenko reported and diagnosed a nasty bug caused by TCP +captures, introduced in late 1.5-dev by commit 18bf01e ("MEDIUM: tcp: +add a new tcp-request capture directive"). The problem is that we're +using the array of capture pointers initially designed for HTTP usage +only, and that this array was only reset when starting to process an +HTTP request. In a tcp-only frontend, the pointers are not reset, and +if the capture pool is shared, we can very well point to whatever other +memory location, resulting in random crashes when tcp-request content +captures are processed. + +The fix simply consists in initializing these pointers when the pools +are prepared. + +A workaround for existing versions consists in either disabling TCP +captures in tcp-only frontends, or in forcing the frontends to work in +HTTP mode. + +Thanks to Denys for the amount of testing and detailed reports. + +This fix must be backported to 1.5. +(cherry picked from commit 9654e57fac86c773091b892f42015ba2ba56be5a) +--- + src/frontend.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/src/frontend.c b/src/frontend.c +index 3f80774..2928047 100644 +--- a/src/frontend.c ++++ b/src/frontend.c +@@ -106,11 +106,17 @@ int frontend_accept(struct session *s) + if (global.tune.client_rcvbuf) + setsockopt(cfd, SOL_SOCKET, SO_RCVBUF, &global.tune.client_rcvbuf, sizeof(global.tune.client_rcvbuf)); + +- if (unlikely(s->fe->nb_req_cap > 0 && (s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL)) +- goto out_return; /* no memory */ ++ if (unlikely(s->fe->nb_req_cap > 0)) { ++ if ((s->txn.req.cap = pool_alloc2(s->fe->req_cap_pool)) == NULL) ++ goto out_return; /* no memory */ ++ memset(s->txn.req.cap, 0, s->fe->nb_req_cap * sizeof(void *)); ++ } + +- if (unlikely(s->fe->nb_rsp_cap > 0 && (s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL)) +- goto out_free_reqcap; /* no memory */ ++ if (unlikely(s->fe->nb_rsp_cap > 0)) { ++ if ((s->txn.rsp.cap = pool_alloc2(s->fe->rsp_cap_pool)) == NULL) ++ goto out_free_reqcap; /* no memory */ ++ memset(s->txn.rsp.cap, 0, s->fe->nb_rsp_cap * sizeof(void *)); ++ } + + if (s->fe->http_needed) { + /* we have to allocate header indexes only if we know +-- +2.0.4 + -- 2.30.2