From: Willy Tarreau
Date: Wed, 15 Jul 2020 15:46:32 +0000 (+0200)
Subject: BUG/MINOR: backend: fix potential null deref on srv_conn
X-Git-Tag: v2.3-dev1~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dc2ac81c41b2628ea1f37a915d377dc51e922e16;p=thirdparty%2Fhaproxy.git

BUG/MINOR: backend: fix potential null deref on srv_conn

Commit 08016ab82 ("MEDIUM: connection: Add private connections synchronously in session server list") introduced a build warning about a potential null dereference which is actually true: in case a reuse fails and we fail to allocate a new connection, we could crash. The issue was already present earlier but the compiler couldn't detect it since it was guarded by an independent condition.

This should be carefully backported to older versions (at least 2.2 and maybe 2.1), the change consists in only adding a test on srv_conn.

The whole sequence of "if" blocks is ugly there and would deserve being cleaned up so that the !srv_conn condition is matched ASAP and the assignment is done later. This would remove complicated conditions.
---
diff --git a/src/backend.c b/src/backend.c index 6ec45d265f..b305ec0c8f 100644 --- a/src/backend.c +++ b/src/backend.c @@ -1360,9 +1360,11 @@ int connect_server(struct stream *s) srv_conn = conn_new(s->target); srv_cs = NULL; - srv_conn->owner = s->sess; - if ((s->be->options & PR_O_REUSE_MASK) == PR_O_REUSE_NEVR) - conn_set_private(srv_conn); + if (srv_conn) { + srv_conn->owner = s->sess; + if ((s->be->options & PR_O_REUSE_MASK) == PR_O_REUSE_NEVR) + conn_set_private(srv_conn); + } } if (!srv_conn || !sockaddr_alloc(&srv_conn->dst)) {
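Review bot: The new `if (srv_conn)` guard after `srv_conn = conn_new(s->target);` tests the same allocation failure that the trailing context line tests again with `if (!srv_conn || !sockaddr_alloc(&srv_conn->dst))`, so the NULL case now passes through two separate conditions before it is dealt with. Consider handling the failed `conn_new()` right where it occurs, so that `srv_conn->owner = s->sess;` and `conn_set_private(srv_conn);` run unconditionally on a pointer already known to be valid, which is the cleanup the commit message itself describes. If the guard stays in this form to keep the backport minimal, a one-line comment stating that `conn_new()` can return NULL and that the failure is caught by the `!srv_conn` test just below would keep a later refactor from dropping either check.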