BUG/MINOR: hq-interop: fix leak in case of rcv_buf early return

HTTP/0.9 parser was recently updated to support truncated requests in
rcv_buf operation. However, this caused a leak as input buffer is
allocated early.

In fact, the leak was already present in case of fatal errors. Fix this
by first delaying buffer allocation, so that initial checks are
performed before. Then, ensure that buffer is released in case of a
latter error.

This is considered as minor, as HTTP/0.9 is reserved for experiment and
QUIC interop usages.

This should be backported up to 2.6.

src/hq_interop.c

@@ -23,9 +23,6 @@ static ssize_t hq_interop_rcv_buf(struct qcs *qcs, struct buffer *b, int fin)
 	/* hq-interop parser does not support buffer wrapping. */
 	BUG_ON(b_data(b) != b_contig_data(b, 0));
 
-	b_alloc(&htx_buf, DB_MUX_RX);
-	htx = htx_from_buf(&htx_buf);
-
 	/* skip method */
 	while (data && HTTP_IS_TOKEN(*ptr)) {
 		ptr++;
@@ -62,9 +59,14 @@ static ssize_t hq_interop_rcv_buf(struct qcs *qcs, struct buffer *b, int fin)
 
 	path.len = ptr - path.ptr;
 
+	b_alloc(&htx_buf, DB_MUX_RX);
+	htx = htx_from_buf(&htx_buf);
+
 	sl = htx_add_stline(htx, HTX_BLK_REQ_SL, 0, ist("GET"), path, ist("HTTP/1.0"));
-	if (!sl)
+	if (!sl) {
+		b_free(&htx_buf);
 		return -1;
+	}
 
 	sl->flags |= HTX_SL_F_BODYLESS;
 	sl->info.req.meth = find_http_meth("GET", 3);
@@ -73,8 +75,10 @@ static ssize_t hq_interop_rcv_buf(struct qcs *qcs, struct buffer *b, int fin)
 	htx->flags |= HTX_FL_EOM;
 	htx_to_buf(htx, &htx_buf);
 
-	if (qcs_attach_sc(qcs, &htx_buf, fin))
+	if (qcs_attach_sc(qcs, &htx_buf, fin)) {
+		b_free(&htx_buf);
 		return -1;
+	}
 
 	b_free(&htx_buf);