From b167426b6bf64f1c5ade38dfe4bf12379170a8b7 Mon Sep 17 00:00:00 2001 From: Aurelien DARRAGON Date: Mon, 2 Dec 2024 16:22:28 +0100 Subject: [PATCH] BUG/MINOR: listener: fix potential null pointer dereference in listener_release() As reported by @Bbulatov on GH #2804, fe is found at multiple places in listener_release(): in some places it is first checked against NULL before being de-referenced while in some other places it is not, which is ambiguous and could hide a bug. In practise, fe cannot be NULL for now, but it might not be the case in the future as we want to keep the possibility to run isolated listeners (that is, without proxy attached). We've already ensured this was the case with a57786e ("BUG/MINOR: listener: null pointer dereference suspected by coverity"), but this promise was recently broken by 65ae134 ("BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on session release"). Let's fix that by conditionning the block with an "else if" statement instead of a regular "else". No need for backport except if multi-connection protocols (ie: FTP) were to be backported as well. --- src/listener.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/listener.c b/src/listener.c index 7518f34ad..5f3a98b4a 100644 --- a/src/listener.c +++ b/src/listener.c @@ -1622,7 +1622,7 @@ void listener_release(struct listener *l) if (fe && !MT_LIST_ISEMPTY(&fe->listener_queue) && (!fe->fe_sps_lim || freq_ctr_remain(&fe->fe_counters.sess_per_sec, fe->fe_sps_lim, 0) > 0)) dequeue_proxy_listeners(fe, 0); - else { + else if (fe) { unsigned int wait; int expire = TICK_ETERNITY;