From: Aurelien DARRAGON Date: Mon, 2 Dec 2024 15:22:28 +0000 (+0100) Subject: BUG/MINOR: listener: fix potential null pointer dereference in listener_release() X-Git-Tag: v3.2-dev1~58 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b167426b6bf64f1c5ade38dfe4bf12379170a8b7;p=thirdparty%2Fhaproxy.git BUG/MINOR: listener: fix potential null pointer dereference in listener_release() As reported by @Bbulatov on GH #2804, fe is found at multiple places in listener_release(): in some places it is first checked against NULL before being de-referenced while in some other places it is not, which is ambiguous and could hide a bug. In practise, fe cannot be NULL for now, but it might not be the case in the future as we want to keep the possibility to run isolated listeners (that is, without proxy attached). We've already ensured this was the case with a57786e ("BUG/MINOR: listener: null pointer dereference suspected by coverity"), but this promise was recently broken by 65ae134 ("BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on session release"). Let's fix that by conditionning the block with an "else if" statement instead of a regular "else". No need for backport except if multi-connection protocols (ie: FTP) were to be backported as well. --- diff --git a/src/listener.c b/src/listener.c index 7518f34ad2..5f3a98b4a8 100644 --- a/src/listener.c +++ b/src/listener.c @@ -1622,7 +1622,7 @@ void listener_release(struct listener *l) if (fe && !MT_LIST_ISEMPTY(&fe->listener_queue) && (!fe->fe_sps_lim || freq_ctr_remain(&fe->fe_counters.sess_per_sec, fe->fe_sps_lim, 0) > 0)) dequeue_proxy_listeners(fe, 0); - else { + else if (fe) { unsigned int wait; int expire = TICK_ETERNITY;