From a0f08d6975d00c3ea04e1bd2fcf60dad446266ec Mon Sep 17 00:00:00 2001
From: Stefan Eissing
Date: Fri, 15 May 2026 13:37:36 +0200
Subject: [PATCH] cf-h2-prox: fix peer leak

The unlinking of the new Curl_peer was happening too later after the struct had been set to zero. Move the unlink to happen before that.

Fixes #21602
Reported-by: Joshua Rogers
Closes #21627
---
 lib/cf-h2-proxy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/cf-h2-proxy.c b/lib/cf-h2-proxy.c
index 1dfd0a0a46..297afb3c8c 100644
--- a/lib/cf-h2-proxy.c
+++ b/lib/cf-h2-proxy.c
@@ -190,6 +190,7 @@ static void cf_h2_proxy_ctx_clear(struct cf_h2_proxy_ctx *ctx)
 }
 Curl_bufq_free(&ctx->inbufq);
 Curl_bufq_free(&ctx->outbufq);
+ Curl_peer_unlink(&ctx->dest);
 tunnel_stream_clear(&ctx->tunnel);
 memset(ctx, 0, sizeof(*ctx));
 ctx->call_data = save;
@@ -199,7 +200,6 @@ static void cf_h2_proxy_ctx_free(struct cf_h2_proxy_ctx *ctx)
 {
 if(ctx) {
 cf_h2_proxy_ctx_clear(ctx);
- Curl_peer_unlink(&ctx->dest);
 curlx_free(ctx);
 }
 }
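Review bot: The release-before-wipe ordering in cf_h2_proxy_ctx_clear is still implicit: nothing at the `memset(ctx, 0, sizeof(*ctx));` line says that every reference the context owns has to be dropped above it, which is how the `dest` peer reference came to be leaked. A short comment directly above the memset would pin the invariant down, for example `/* release every owned reference above this line; the memset discards the pointers */`. The function presumably runs more than once on the same context, since cf_h2_proxy_ctx_free calls it, so it depends on Curl_peer_unlink accepting an already-cleared `dest`; the call removed from the free path suggests it does, but that is worth confirming. The start of cf_h2_proxy_ctx_clear lies outside this hunk, so the releases earlier in the function were not reviewed.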