From ca56fce8bd271928b18d38b439bd35bd273fe8d4 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin <chipitsine@gmail.com>
Date: Sat, 15 Sep 2018 00:50:05 +0500
Subject: [PATCH] BUG/MINOR: connection: avoid null pointer dereference in
 send-proxy-v2

found by coverity.

[wt: this bug was introduced by commit 404d978 ("MINOR: add ALPN
 information to send-proxy-v2"). It might be triggered by a health
 check on a server using ppv2 or by an applet making use of such a
 server, if at all configurable].

This needs to be backported to 1.8.
---
 src/connection.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/connection.c b/src/connection.c
index 06e1ed840..c0da874bd 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -996,6 +996,7 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag)
 	return 0;
 }
 
+/* Note: <remote> is explicitly allowed to be NULL */
 int make_proxy_line(char *buf, int buf_len, struct server *srv, struct connection *remote)
 {
 	int ret = 0;
@@ -1107,6 +1108,7 @@ static int make_tlv(char *dest, int dest_len, char type, uint16_t length, const
 	return length + sizeof(*tlv);
 }
 
+/* Note: <remote> is explicitly allowed to be NULL */
 int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connection *remote)
 {
 	const char pp2_signature[] = PP2_SIGNATURE;
@@ -1191,7 +1193,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct server *srv, struct connec
 		ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_CRC32C, sizeof(zero_crc32c), (const char *)&zero_crc32c);
 	}
 
-	if (conn_get_alpn(remote, &value, &value_len)) {
+	if (remote && conn_get_alpn(remote, &value, &value_len)) {
 		if ((buf_len - ret) < sizeof(struct tlv))
 			return 0;
 		ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_ALPN, value_len, value);