BUG/MINOR: session: ensure conn owner is set after insert into session

A crash could occured if a session_add_conn() would temporarily failed when called via h2_detach(). In this case, connection owner is reset to NULL. However, if this wasn't the last connection stream, the connection won't be destroyed. When h2_detach() is recalled for another stream and this time session_add_conn() succeeds, a crash will occur due to session_check_idle_conn() invocation with a NULL connection owner. To fix this, ensure connection owner is always set after session_add_conn() success. This bug is considered as minor as the only failure reason for session_add_conn() is a pool allocation issue. This should be backported up to all stable releases.
2025-08-06 23:27:04 +02:00 · 2024-03-20 11:25:31 +01:00 · 2024-03-20 11:25:31 +01:00 · c130f74803
commit c130f74803
parent eb89e4f3e0
1 changed files with 6 additions and 0 deletions
--- a/include/haproxy/session.h
+++ b/include/haproxy/session.h
@ -206,6 +206,12 @@ static inline int session_add_conn(struct session *sess, struct connection *conn
 			MT_LIST_APPEND(&srv->sess_conns, &pconns->srv_el);
 	}
 	LIST_APPEND(&pconns->conn_list, &conn->sess_el);
+
+	/* Ensure owner is set for connection. It could have been resetted
+	 * prior on after a session_add_conn() failure.
+	 */
+	conn->owner = sess;
+
 	return 1;
 }