From d822013f45dea36d23a01a1d2f3680525fbc5e95 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Mon, 28 Jan 2019 16:33:35 +0100
Subject: [PATCH] BUG/MEDIUM: backend: always call si_detach_endpoint() on
 async connection failure

In case an asynchronous connection (ALPN) succeeds but the mux fails to
attach, we must release the stream interface's endpoint, otherwise we
leave the stream interface with an endpoint pointing to a freed connection
with si_ops == si_conn_ops, and sess_update_st_cer() calls si_shutw() on
it, causing it to crash.

This must be backported to 1.9 only.
---
 src/backend.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/backend.c b/src/backend.c
index 6f9557563..e9f360530 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -1108,6 +1108,8 @@ static int conn_complete_server(struct connection *conn)
 	return 0;
 
 fail:
+	si_detach_endpoint(&s->si[1]);
+
 	if (cs)
 		cs_free(cs);
 	/* kill the connection now */