From: Amaury Denoyelle
Date: Wed, 20 Mar 2024 10:25:31 +0000 (+0100)
Subject: BUG/MINOR: session: ensure conn owner is set after insert into session
X-Git-Tag: v3.0-dev6~81
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c130f74803bc8bb40a748f734b7e150b3a23daa7;p=thirdparty%2Fhaproxy.git

BUG/MINOR: session: ensure conn owner is set after insert into session

A crash could occur if a session_add_conn() would temporarily fail when called via h2_detach(). In this case, connection owner is reset to NULL. However, if this wasn't the last connection stream, the connection won't be destroyed. When h2_detach() is recalled for another stream and this time session_add_conn() succeeds, a crash will occur due to session_check_idle_conn() invocation with a NULL connection owner.

To fix this, ensure connection owner is always set after session_add_conn() success.

This bug is considered as minor as the only failure reason for session_add_conn() is a pool allocation issue.

This should be backported up to all stable releases.
---
diff --git a/include/haproxy/session.h b/include/haproxy/session.h index 0a73e74c3c..d9ff726a9a 100644 --- a/include/haproxy/session.h +++ b/include/haproxy/session.h @@ -206,6 +206,12 @@ static inline int session_add_conn(struct session *sess, struct connection *conn MT_LIST_APPEND(&srv->sess_conns, &pconns->srv_el); } LIST_APPEND(&pconns->conn_list, &conn->sess_el); + + /* Ensure owner is set for connection. It could have been resetted + * prior on after a session_add_conn() failure. + */ + conn->owner = sess; + return 1; }
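Review bot: the comment above `conn->owner = sess;` in session_add_conn() is hard to parse ("resetted prior on after") and does not say who clears the owner. Suggest rewording it along the lines of "Ensure owner is set. It may have been reset to NULL by the caller after an earlier session_add_conn() failure", which matches the h2_detach() scenario in the commit message. The assignment is also unconditional on the success path, so a connection arriving with a non-NULL owner other than `sess` would be silently re-owned. If callers are only expected to pass a connection whose owner is NULL or already `sess`, state that in the comment or check it before the assignment, so a future caller that violates the assumption is caught here rather than in session_check_idle_conn().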