On Tue, May 12, 2015 at 05:34:58PM -0400, Bertrand PROVOST wrote: > I found a crash in relayd when using http relay. `bev` pointer is > used after a free in `relay_http.c` lines: 438, 492 and 609
Thanks for the bug report and analysis. I have added test cases in /usr/src/regress/usr.sbin/relayd/ . Note that your patch does not pass all regression tests. So I have commited a spimpler fix that moves the bev->readcb() invocation to the end of the function. bluhm