From: William Lallemand <wlallemand@haproxy.org>
Date: Fri, 10 Dec 2021 13:14:53 +0000 (+0100)
Subject: BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode
X-Git-Tag: v2.6-dev1~294
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dcbe7b91d69f6857961d1545ae71205d9afb905f;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode

The master process encounter a crash when trying to access an old
process which left from the master CLI.

To reproduce the problem, you need a prompt to a previous worker, then
wait for this worker to leave, once it left launch a command from this
prompt. The s->target is then filled with a NULL which is dereferenced
when trying to connect().

This patch fixes the problem by checking if s->target is NULL.

Must be backported as far as 2.0.
---

diff --git a/src/cli.c b/src/cli.c
index e4af2e99b3..1ed0b6dc81 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -2456,6 +2456,9 @@ read_again:
 			/* we can connect now */
 			s->target = pcli_pid_to_server(target_pid);
 
+			if (!s->target)
+				goto server_disconnect;
+
 			s->flags |= (SF_DIRECT | SF_ASSIGNED);
 			channel_auto_connect(req);
 		}
@@ -2480,6 +2483,10 @@ send_help:
 	b_reset(&req->buf);
 	b_putblk(&req->buf, "help\n", 5);
 	goto read_again;
+
+server_disconnect:
+	pcli_reply_and_close(s, "Can't connect to the target CLI!\n");
+	return 0;
 }
 
 int pcli_wait_for_response(struct stream *s, struct channel *rep, int an_bit)