From 13c1a01de6aa71acdaa831ae2f018439b58fc42c Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Mon, 29 Jun 2020 14:23:31 +0200
Subject: [PATCH] BUG/MINOR: debug: fix "show fd" null-deref when built with DEBUG_FD

DEBUG_FD was added by commit 38e8a1c in 2.2-dev, and "show fd" was slightly modified to still allow to print orphaned/closed FDs if their count is non-null. But bypassing the existing test made it possible to dereference fdt.owner which can be null. Let's adjust the condition to avoid this. No backport is needed.
---
 src/cli.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/cli.c b/src/cli.c
index b9afc1b20..3438fffe0 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -1005,14 +1005,13 @@ static int cli_io_handler_show_fd(struct appctx *appctx)
 /* When DEBUG_FD is set, we also report closed FDs that have a
 * non-null event count to detect stuck ones.
 */
- if (!fdt.owner
+ if (!fdt.owner) {
 #ifdef DEBUG_FD
- && !fdt.event_count
+ if (!fdt.event_count)
 #endif
- )
- goto skip; // closed
-
- if (fdt.iocb == conn_fd_handler) {
+ goto skip; // closed
+ }
+ else if (fdt.iocb == conn_fd_handler) {
 conn_flags = ((struct connection *)fdt.owner)->flags;
 mux = ((struct connection *)fdt.owner)->mux;
 ctx = ((struct connection *)fdt.owner)->ctx;
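Review bot: With DEBUG_FD and a non-zero `fdt.event_count`, the new `if (!fdt.owner)` branch falls through with a NULL owner, and only this `else if` chain is protected from dereferencing it. cli_io_handler_show_fd continues past the end of the hunk, so any later test on `fdt.iocb == conn_fd_handler` (a closed entry may presumably still carry a stale iocb) would need to check `fdt.owner` as well, and the connection-derived locals need defined values on this path. I would state that invariant at the fall-through, e.g. `/* owner is NULL here (closed FD kept for its event count): nothing below may dereference fdt.owner */`. The brace-less `if (!fdt.event_count)` split by `#ifdef` also makes `goto skip` conditional in one build and unconditional in the other, which deserves a short comment for the next reader.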