From: Christopher Faulet
Date: Fri, 5 Jul 2024 10:03:41 +0000 (+0200)
Subject: BUG/MEDIUM: peers: Fix crash when syncing learn state of a peer without appctx
X-Git-Tag: v3.1-dev3~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3e2d1476e65ed45a38ed153ad2357d60755be8e9;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: peers: Fix crash when syncing learn state of a peer without appctx

For a given peer, the synchronization of the learn state is no longer performed in the peer appctx. It is delayed to be handled by the peers sync task. It means that for a given peer, it is possible to have finished to learn and only handle it after the appctx release. So the synchronization may happen on a peer without appctx. This was not tested and an unconditional wakeup on the appctx could lead to a crash because of a NULL-deref.

It may be experienced by running reg-tests/peers/tls_basic_sync.vtc script in a loop.

The fix is obvious. In sync_peer_learn_state(), we must omit to wakeup the appctx if it was already released.

This patch should fix issue #2629. It must be backported to 3.0.

---
diff --git a/src/peers.c b/src/peers.c index 4ec981cad9..96f6de9a00 100644 --- a/src/peers.c +++ b/src/peers.c @@ -3341,7 +3341,8 @@ static void sync_peer_learn_state(struct peers *peers, struct peer *peer) HA_ATOMIC_AND(&peers->flags, ~PEERS_F_RESYNC_ASSIGN); HA_ATOMIC_OR(&peers->flags, flags); - appctx_wakeup(peer->appctx); + if (peer->appctx) + appctx_wakeup(peer->appctx); } /* Synchronise the peer applet state with its associated peers section. This
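
Review bot: the new guard at the end of sync_peer_learn_state() reads peer->appctx twice, once in the `if (peer->appctx)` test and again in the `appctx_wakeup(peer->appctx)` call, and the hunk does not show what keeps the pointer stable between the two reads. The commit message says this function now runs from the peers sync task and may run after the appctx release, so a short comment above the check naming the lock or ordering that serializes it against the release path would make the fix easier to verify. If no such guarantee exists, read the pointer once into a local and pass that local to appctx_wakeup(). The function's header comment is outside the visible context; it would be worth stating there that peer->appctx may be NULL on entry, since the message describes that case as previously untested.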