BUG/MEDIUM: httpclient: check if the httpclient was released in the IO handler

Upon a applet_release(), the applet can be scheduled again and a call to
the IO handler is still possible. When the struct httpclient is already
free the IO handler could try to access it.

This patch fixes the issue by setting svcctx to NULL in the
applet_release, and checking its value in the IO handler.

Must be backported as far as 2.5.

diff --git a/src/http_client.c b/src/http_client.c
index 2f9bac55528ca59f980195371cb892e1bfacfb56..92a4ed6dd874a3825e8ce1ff6cd7ae62fc902580 100644 (file)
--- a/src/http_client.c
+++ b/src/http_client.c
@@ -707,6 +707,11 @@ static void httpclient_applet_io_handler(struct appctx *appctx)
        uint32_t sz;
        int ret;
 
+       /* The IO handler could be called after the release, so we need to
+        * check if hc is still there to run the IO handler */
+       if (!hc)
+               return;
+
        while (1) {
 
                /* required to stop */
@@ -1115,6 +1120,10 @@ static void httpclient_applet_release(struct appctx *appctx)
                httpclient_destroy(hc);
        }
 
+       /* be sure not to use this ptr anymore if the IO handler is called a
+        * last time */
+       appctx->svcctx = NULL;
+
        return;
 }