From: Christopher Faulet <cfaulet@haproxy.com>
Date: Wed, 23 Nov 2022 14:58:59 +0000 (+0100)
Subject: BUG/MEDIUM: mux-h1: Remove H1C_F_WAIT_NEXT_REQ flag on a next request
X-Git-Tag: v2.7-dev10~20
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4427ea7f049760725141bc710511c1a4c8bf59b4;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: mux-h1: Remove H1C_F_WAIT_NEXT_REQ flag on a next request

When an idle H1 connection starts to process an new request, we must take
care to remove H1C_F_WAIT_NEXT_REQ flag. This flag is used to know an idle
H1 connection has already processed at least one request and is waiting for
a next one, but nothing was received yet.

Keeping this flag leads to a crash because some running H1 connections may
be erroneously released on a soft-stop. Indeed, only idle or closed
connections must be released.

This bug was reported into #1903. It is 2.7-specific. No backport needed.
---

diff --git a/src/mux_h1.c b/src/mux_h1.c
index b730364ac5..15abff3d7d 100644
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@@ -750,7 +750,7 @@ static struct h1s *h1s_new(struct h1c *h1c)
 	if (h1c->flags & H1C_F_WAIT_NEXT_REQ)
 		h1s->flags |= H1S_F_NOT_FIRST;
 	h1s->h1c->state = H1_CS_EMBRYONIC;
-
+	h1s->h1c->flags &= ~H1C_F_WAIT_NEXT_REQ;
 	TRACE_LEAVE(H1_EV_H1S_NEW, h1c->conn, h1s);
 	return h1s;