BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream

Github user @jpulz reported a crash with tcp-checks in issue #184
where cs==NULL. If we enter the function with cs==NULL and check->result
!= CHK_RES_UKNOWN, we'll go directly to out_end_tcpcheck and dereference
cs. We must validate there that cs is valid (and conn at the same time
since it would be NULL as well).

This fix must be backported as far as 1.8.

diff --git a/src/checks.c b/src/checks.c
index 61acb17c0f96f4b780dfce75b4032089cb6ea23e..d91e23922deb7967c3d8b36f48258d5027c149f7 100644 (file)
--- a/src/checks.c
+++ b/src/checks.c
@@ -3204,7 +3204,7 @@ static int tcpcheck_main(struct check *check)
 
  out_end_tcpcheck:
        /* collect possible new errors */
-       if (conn->flags & CO_FL_ERROR || cs->flags & CS_FL_ERROR)
+       if ((conn && conn->flags & CO_FL_ERROR) || (cs && cs->flags & CS_FL_ERROR))
                chk_report_conn_err(check, 0, 0);
 
        /* cleanup before leaving */