From: Olivier Houchard <ohouchard@haproxy.com>
Date: Fri, 24 Jan 2020 13:10:55 +0000 (+0100)
Subject: BUG/MEDIUM: streams: Move the conn_stream allocation outside #IF USE_OPENSSL.
X-Git-Tag: v2.2-dev2~77
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ecffb7d841581694134b45dacf883d6643ce3bce;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: streams: Move the conn_stream allocation outside #IF USE_OPENSSL.

When commit 477902bd2e8c1e978ad43d22dba1f28525bb797a made the conn_stream
allocation unconditional, it unfortunately moved the code doing the allocation
inside #if USE_OPENSSL, which means anybody compiling haproxy without
openssl wouldn't allocate any conn_stream, and would get a segfault later.
Fix that by moving the code that does the allocation outside #if USE_OPENSSL.
---

diff --git a/src/backend.c b/src/backend.c
index 2cf8c751ac..1c0cf660b7 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -1386,13 +1386,13 @@ int connect_server(struct stream *s)
 		else
 			return SF_ERR_INTERNAL;  /* how did we get there ? */
 
-#if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
 		srv_cs = si_alloc_cs(&s->si[1], srv_conn);
 		if (!srv_cs) {
 			conn_free(srv_conn);
 			return SF_ERR_RESOURCE;
 		}
 		srv_conn->ctx = srv_cs;
+#if defined(USE_OPENSSL) && defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
 		if (!srv ||
 		    ((!(srv->ssl_ctx.alpn_str) && !(srv->ssl_ctx.npn_str)) ||
 		    srv->mux_proto || s->be->mode != PR_MODE_HTTP))