BUG/MEDIUM: server/cli: unlock server lock on failure in cli_parse_set_server

In cli_parse_set_server()'s 'ssl' branch, the server lock is taken,
and not released in case srv_set_ssl() fails, resulting in a dead lock
and a panic the next time an attempt to touch this server is made. The
lock must be released on all error paths.

This was introduced in 3.3 by commit f8f94ffc9 ("BUG/MEDIUM: server:
Use sni as pool connection name for SSL server only") which was marked
for backporting to 3.0, so this must likely be backported that far.

diff --git a/src/server.c b/src/server.c
index df87e747627cba527e02f977a5a93ce329290792..fce4ab71e235ab733bf805baef901dc57b348949 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -5711,11 +5711,13 @@ static int cli_parse_set_server(char **args, char *payload, struct appctx *appct
                HA_SPIN_LOCK(SERVER_LOCK, &sv->lock);
                if (strcmp(args[4], "on") == 0) {
                        if (srv_set_ssl(sv, 1)) {
+                               HA_SPIN_UNLOCK(SERVER_LOCK, &sv->lock);
                                cli_dynerr(appctx, memprintf(&err, "failed to enable ssl for server %s.\n", args[2]));
                                goto out;
                        }
                } else if (strcmp(args[4], "off") == 0) {
                        if (srv_set_ssl(sv, 0)) {
+                               HA_SPIN_UNLOCK(SERVER_LOCK, &sv->lock);
                                cli_dynerr(appctx, memprintf(&err, "failed to disable ssl for server %s.\n", args[2]));
                                goto out;
                        }