From: Christopher Faulet <cfaulet@haproxy.com>
Date: Thu, 14 Mar 2024 08:29:09 +0000 (+0100)
Subject: BUG/MINOR: listener: Don't schedule frontend without task in listener_release()
X-Git-Tag: v3.0-dev6~92
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f31a4e302e2c24409fbf7bd2d30aa221968eb7a6;p=thirdparty%2Fhaproxy.git

BUG/MINOR: listener: Don't schedule frontend without task in listener_release()

null pointer dereference was reported by Coverity in listener_release()
function. Indeed, we must not try to schedule frontend without task when a
limit is still blocking the frontend. This issue was introduced by commit
65ae1347c7 ("BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on
session release")

This patch should fix issue #2488. It must be backported to all stable
version with the commit above.
---

diff --git a/src/listener.c b/src/listener.c
index 86d4c44f5f..6e37984a85 100644
--- a/src/listener.c
+++ b/src/listener.c
@@ -1606,7 +1606,7 @@ void listener_release(struct listener *l)
 		unsigned int wait;
 		int expire = TICK_ETERNITY;
 
-		if (fe->fe_sps_lim &&
+		if (fe->task && fe->fe_sps_lim &&
 		    (wait = next_event_delay(&fe->fe_sess_per_sec,fe->fe_sps_lim, 0))) {
 			/* we're blocking because a limit was reached on the number of
 			 * requests/s on the frontend. We want to re-check ASAP, which
@@ -1614,7 +1614,7 @@ void listener_release(struct listener *l)
 			 * timer will have settled down.
 			 */
 			expire = tick_first(fe->task->expire, tick_add(now_ms, wait));
-			if (fe->task && tick_isset(expire))
+			if (tick_isset(expire))
 				task_schedule(fe->task, expire);
 		}
 	}