From eec1d45f9dd352c230ba043d840ca4c39149f357 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Tue, 7 Jul 2020 10:48:13 +0200
Subject: [PATCH] BUG/MINOR: ssl: check conn in keylog sample fetch

Add a check on the conn pointer to avoid a NULL dereference in
smp_fetch_ssl_x_keylog().

The problem is not suppose to happen because the function is only used
for the frontend at the moment.

Introduced by 7d42ef5, 2.2 only.

Fix issue #733.
---
 src/ssl_sample.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 843554ceb..e53c08847 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -1121,6 +1121,9 @@ static int smp_fetch_ssl_x_keylog(const struct arg *args, struct sample *smp, co
 	conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
 	       smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
 
+	if (!conn)
+		return 0;
+
 	if (conn->flags & CO_FL_WAIT_XPRT) {
 		smp->flags |= SMP_F_MAY_CHANGE;
 		return 0;