From: Willy Tarreau <w@1wt.eu>
Date: Tue, 23 Jul 2019 12:37:47 +0000 (+0200)
Subject: BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream
X-Git-Tag: v2.1-dev2~289
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef91c939f364367bdc48f1b234c138d743abf56c;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream

Github user @jpulz reported a crash with tcp-checks in issue #184
where cs==NULL. If we enter the function with cs==NULL and check->result
!= CHK_RES_UKNOWN, we'll go directly to out_end_tcpcheck and dereference
cs. We must validate there that cs is valid (and conn at the same time
since it would be NULL as well).

This fix must be backported as far as 1.8.
---

diff --git a/src/checks.c b/src/checks.c
index 61acb17c0f..d91e23922d 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -3204,7 +3204,7 @@ static int tcpcheck_main(struct check *check)
 
  out_end_tcpcheck:
 	/* collect possible new errors */
-	if (conn->flags & CO_FL_ERROR || cs->flags & CS_FL_ERROR)
+	if ((conn && conn->flags & CO_FL_ERROR) || (cs && cs->flags & CS_FL_ERROR))
 		chk_report_conn_err(check, 0, 0);
 
 	/* cleanup before leaving */