BUG/MINOR: mux-h2: fix the condition to close a cs-less h2s on the backend

A typo was introduced in the following commit : 927b88ba0 ("BUG/MAJOR:
mux-h2: fix race condition between close on both ends") making the test
on h2s->cs never being done and h2c->cs being dereferenced without being
tested. This also confirms that this condition does not happen on this
side but better fix it right now to be safe.

This must be backported to 1.9.

diff --git a/src/mux_h2.c b/src/mux_h2.c
index eca85cbe216e95a4a4d050f77ee336e4f06317d0..6105f1bce1043211ab048986914b5d8d386b1587 100644 (file)
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -2078,7 +2078,7 @@ static struct h2s *h2c_bck_handle_headers(struct h2c *h2c, struct h2s *h2s)
                h2s->st = H2_SS_ERROR;
        else if (h2s->cs && (h2s->cs->flags & (CS_FL_EOI|CS_FL_REOS)) && h2s->st == H2_SS_OPEN)
                h2s->st = H2_SS_HREM;
-       else if ((!h2s || h2s->cs->flags & (CS_FL_EOI|CS_FL_REOS)) && h2s->st == H2_SS_HLOC)
+       else if ((!h2s->cs || h2s->cs->flags & (CS_FL_EOI|CS_FL_REOS)) && h2s->st == H2_SS_HLOC)
                h2s_close(h2s);
 
        return h2s;