BUG/MINOR: sample: fix NULL strm dereference in sample_conv_when

Several cases in sample_conv_when (FORWARDED, TOAPPLET, PROCESSED, ACL)
access smp->strm->scb without checking if strm is NULL. The strm field
may be NULL (e.g., tcp-request connection). Let's add NULL checks to
prevent dereferencing a NULL pointer.

This should be backported to 3.1.

diff --git a/src/sample.c b/src/sample.c
index 154adbde84fa23295f54a78d2ba6aff873e0097e..24891d457ded23b5562f476e3df73554a021a5df 100644 (file)
--- a/src/sample.c
+++ b/src/sample.c
@@ -4028,20 +4028,20 @@ static int sample_conv_when(const struct arg *arg_p, struct sample *smp, void *p
                break;
 
        case WHEN_COND_FORWARDED: // true if forwarded to a connection
-               ret = !!sc_conn(smp->strm->scb);
+               ret = strm && !!sc_conn(strm->scb);
                break;
 
        case WHEN_COND_TOAPPLET:  // true if handled as an applet
-               ret = !!sc_appctx(smp->strm->scb);
+               ret = strm && !!sc_appctx(strm->scb);
                break;
 
        case WHEN_COND_PROCESSED: // true if forwarded or appctx
-               ret = sc_conn(smp->strm->scb) || sc_appctx(smp->strm->scb);
+               ret = strm && (sc_conn(strm->scb) || sc_appctx(strm->scb));
                break;
 
        case WHEN_COND_ACL: // true if the ACL pointed to by args[2] evaluates to true
                acl_sample = arg_p[2].data.ptr;
-               ret = acl_exec_cond(&acl_sample->cond, smp->px, smp->sess, smp->strm, smp->opt) == ACL_TEST_PASS;
+               ret = acl_exec_cond(&acl_sample->cond, smp->px, smp->sess, strm, smp->opt) == ACL_TEST_PASS;
                break;
        }