From: Willy Tarreau <w@1wt.eu>
Date: Tue, 23 Jun 2020 03:58:20 +0000 (+0200)
Subject: BUG/MINOR: http_ana: clarify connection pointer check on L7 retry
X-Git-Tag: v2.2-dev11~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee99aaf1f9bad06475aaf8c5dc3c0986a9899952;p=thirdparty%2Fhaproxy.git

BUG/MINOR: http_ana: clarify connection pointer check on L7 retry

Coverity reports a possible null deref in issue #703. It seems this
cannot happen as in order to have a CF_READ_ERROR we'd need to have
attempted a recv() which implies a conn_stream, thus conn cannot be
NULL anymore. But at least one line tests for conn and the other one
not, which is confusing. So let's add a check for conn before
dereferencing it.

This needs to be backported to 2.1 and 2.0. Note that in 2.0 it's
in proto_htx.c.
---

diff --git a/src/http_ana.c b/src/http_ana.c
index 6be34bb361..bd63343262 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -1532,7 +1532,7 @@ int http_wait_for_response(struct stream *s, struct channel *rep, int an_bit)
 			/* Check to see if the server refused the early data.
 			 * If so, just send a 425
 			 */
-			if (conn->err_code == CO_ER_SSL_EARLY_FAILED) {
+			if (conn && conn->err_code == CO_ER_SSL_EARLY_FAILED) {
 				if ((s->be->retry_type & PR_RE_EARLY_ERROR) &&
 				    (si_b->flags & SI_FL_L7_RETRY) &&
 				    do_l7_retry(s, si_b) == 0) {