Fix to prevent double free of dcb->data/session->data. If authentication fails, call free(dcb->data) only when DCB in question is *not* cloned.

server/core/session.c

@@ -85,7 +85,7 @@ session_alloc(SERVICE *service, DCB *client_dcb)
                         "session object due error %d, %s.",
                         errno,
                         strerror(errno))));
-		if (client_dcb->data)
+		if (client_dcb->data && !DCB_IS_CLONE(client_dcb))
 		{
 			free(client_dcb->data);
 			client_dcb->data = NULL;

server/modules/protocol/mysql_client.c

@@ -685,7 +685,7 @@ int gw_read_client_event(
 				dcb_close(dcb);
 			}
 		}
-		else 
+		else
 		{
 			char* fail_str = NULL;
 			
@@ -721,7 +721,10 @@ int gw_read_client_event(
 			/**
 			 * Release MYSQL_session since it is not used anymore.
 			 */
-			free(dcb->data);
+			if (!DCB_IS_CLONE(dcb))
+			{
+				free(dcb->data);
+			}
 			dcb->data = NULL;
 			
 			dcb_close(dcb);