Fix UAF bug in connection limit filter. (#28785)

* Fix UAF bug in connection limit filter. Signed-off-by: Kevin Baichoo <kbaichoo@google.com> Co-authored-by: Haoruo Lei <haoruolei@microsoft.com> Signed-off-by: Ryan Northey <ryan@synca.io>
intel · Aug 3, 2023 · c59ff1f · c59ff1f
1 parent 8233a40
commit c59ff1f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
@@ -8,6 +8,9 @@ minor_behavior_changes:
 
 bug_fixes:
 # *Changes expected to improve the state of the world and are unlikely to have negative effects*
+- area: connection limit
+  change: |
+    fixed a use-after-free bug in the connection limit filter.
 
 removed_config_or_runtime:
 # *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`

diff --git a/source/extensions/filters/network/connection_limit/connection_limit.cc b/source/extensions/filters/network/connection_limit/connection_limit.cc
@@ -80,7 +80,6 @@ Network::FilterStatus Filter::onNewConnection() {
     absl::optional<std::chrono::milliseconds> duration = config_->delay();
     if (duration.has_value() && duration.value() > std::chrono::milliseconds(0)) {
       delay_timer_ = read_callbacks_->connection().dispatcher().createTimer([this]() -> void {
-        resetTimerState();
         read_callbacks_->connection().close(Network::ConnectionCloseType::NoFlush);
       });
       delay_timer_->enableTimer(duration.value());