From dc2ac81c41b2628ea1f37a915d377dc51e922e16 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Wed, 15 Jul 2020 17:46:32 +0200
Subject: [PATCH] BUG/MINOR: backend: fix potential null deref on srv_conn

Commit 08016ab82 ("MEDIUM: connection: Add private connections synchronously in session server list") introduced a build warning about a potential null dereference which is actually true: in case a reuse fails an we fail to allocate a new connection, we could crash. The issue was already present earlier but the compiler couldn't detect it since it was guarded by an independent condition. This should be carefully backported to older versions (at least 2.2 and maybe 2.1), the change consists in only adding a test on srv_conn. The whole sequence of "if" blocks is ugly there and would deserve being cleaned up so that the !srv_conn condition is matched ASAP and the assignment is done later. This would remove complicated conditions.
---
 src/backend.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/backend.c b/src/backend.c
index 6ec45d265..b305ec0c8 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -1360,9 +1360,11 @@ int connect_server(struct stream *s)
 srv_conn = conn_new(s->target);
 srv_cs = NULL;
- srv_conn->owner = s->sess;
- if ((s->be->options & PR_O_REUSE_MASK) == PR_O_REUSE_NEVR)
- conn_set_private(srv_conn);
+ if (srv_conn) {
+ srv_conn->owner = s->sess;
+ if ((s->be->options & PR_O_REUSE_MASK) == PR_O_REUSE_NEVR)
+ conn_set_private(srv_conn);
+ }
 }
 if (!srv_conn || !sockaddr_alloc(&srv_conn->dst)) {
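Review bot: The new `if (srv_conn) {` guard silently skips the owner and private-flag setup when `conn_new()` returns NULL and relies on the `!srv_conn` test in the last context line to turn that into an error, but nothing in the code says so. A one-line comment above the guard would make that dependency explicit, for example `/* conn_new() may fail; the NULL case is caught by the !srv_conn test below */`. The body of that error branch lies outside the hunk, as do the start and end of `connect_server()`, so it is worth confirming that its cleanup never dereferences or frees `srv_conn` without checking it first. This path is presumably reached only when allocation fails, so an allocation-failure test run is the practical way to confirm that the crash is gone rather than moved a few lines down.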