A crash could occur if session_add_conn() temporarily failed
when called via h2_detach(). In this case, the connection owner is reset to
NULL. However, if this wasn't the last connection stream, the connection
won't be destroyed. When h2_detach() is recalled for another stream and
this time session_add_conn() succeeds, a crash will occur due to
session_check_idle_conn() invocation with a NULL connection owner.

To fix this, ensure the connection owner is always set after
session_add_conn() success.

This bug is considered minor as the only failure reason for
session_add_conn() is a pool allocation issue.

This should be backported up to all stable releases.
MT_LIST_APPEND(&srv->sess_conns, &pconns->srv_el);
}
LIST_APPEND(&pconns->conn_list, &conn->sess_el);
+
+ /* Ensure owner is set for connection. It could have been resetted
+ * prior on after a session_add_conn() failure.
+ */
+ conn->owner = sess;
+
return 1;
}
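Review bot: the comment added above `conn->owner = sess;` is hard to parse ("resetted", "prior on after"); something like "It may have been reset to NULL by an earlier session_add_conn() failure" would state the case the commit message describes. The assignment is also unconditional, so it silently overwrites any non-NULL owner already stored on the connection. If the only values expected at this point are NULL or `sess`, say so in the comment or check it before the assignment, so that a connection arriving here with a different owner is caught rather than re-parented.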