From: Willy Tarreau Date: Tue, 7 May 2019 16:10:10 +0000 (+0200) Subject: BUG/MINOR: mux-h2: fix the condition to close a cs-less h2s on the backend X-Git-Tag: v2.0-dev3~80 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=201fe406534a95bdd8c46b25e81b11e9209ad2f1;p=thirdparty%2Fhaproxy.git BUG/MINOR: mux-h2: fix the condition to close a cs-less h2s on the backend A typo was introduced in the following commit : 927b88ba0 ("BUG/MAJOR: mux-h2: fix race condition between close on both ends") making the test on h2s->cs never being done and h2c->cs being dereferenced without being tested. This also confirms that this condition does not happen on this side but better fix it right now to be safe. This must be backported to 1.9. --- diff --git a/src/mux_h2.c b/src/mux_h2.c index eca85cbe21..6105f1bce1 100644 --- a/src/mux_h2.c +++ b/src/mux_h2.c @@ -2078,7 +2078,7 @@ static struct h2s *h2c_bck_handle_headers(struct h2c *h2c, struct h2s *h2s) h2s->st = H2_SS_ERROR; else if (h2s->cs && (h2s->cs->flags & (CS_FL_EOI|CS_FL_REOS)) && h2s->st == H2_SS_OPEN) h2s->st = H2_SS_HREM; - else if ((!h2s || h2s->cs->flags & (CS_FL_EOI|CS_FL_REOS)) && h2s->st == H2_SS_HLOC) + else if ((!h2s->cs || h2s->cs->flags & (CS_FL_EOI|CS_FL_REOS)) && h2s->st == H2_SS_HLOC) h2s_close(h2s); return h2s;
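Review bot: in the added `else if` line of h2c_bck_handle_headers(), the flags test `h2s->cs->flags & (CS_FL_EOI|CS_FL_REOS)` sits unparenthesized beside `||`, whereas the `H2_SS_OPEN` branch directly above wraps the same test in its own parentheses. `&` binds tighter than `||`, so the condition evaluates as intended, but writing it as `(!h2s->cs || (h2s->cs->flags & (CS_FL_EOI|CS_FL_REOS)))` would match the neighbouring branch and make the NULL guard easier to see at a glance, which matters here since the original bug was a one-token slip in this exact spot. The NULL check itself is right: the earlier branches already dereference `h2s->st` unconditionally, so the removed `!h2s` test could never be true, and `h2s->cs` was then dereferenced without a check whenever `h2s->st == H2_SS_HLOC` was reached. One documentation point: the commit message says `h2c->cs` was dereferenced without being tested, while the removed line dereferences `h2s->cs`; aligning the message with the code would help whoever backports this to 1.9.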