RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-30 10:06:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: stconn: don't set the type before allocation succeeds

Browse Source 
There's an occasional crash that can be triggered in sc_detach_endp()
when calling conn->mux->detach() upon memory allocation error. The
problem in fact comes from sc_attach_mux(), which doesn't reset the
sc type flags upon tasklet allocation failure, leading to an attempt
at detaching an incompletely initialized stconn. Let's just attach
the sc after the tasklet allocation succeeds, not before.

This must be backported to 2.6.
This commit is contained in:
Willy Tarreau 2023-03-20 19:45:41 +01:00
parent 389ab0d4b4
commit e2f7946339
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/stconn.c
View File

@ -256,12 +256,6 @@ int sc_attach_mux(struct stconn *sc, void *sd, void *ctx)
struct connection *conn = ctx;
struct sedesc *sedesc = sc->sedesc;
sedesc->se = sd;
sedesc->conn = ctx;
se_fl_set(sedesc, SE_FL_T_MUX);
se_fl_clr(sedesc, SE_FL_DETACHED);
if (!conn->ctx)
conn->ctx = sc;
if (sc_strm(sc)) {
if (!sc->wait_event.tasklet) {
sc->wait_event.tasklet = tasklet_new();
@ -286,6 +280,13 @@ int sc_attach_mux(struct stconn *sc, void *sd, void *ctx)
sc->app_ops = &sc_app_check_ops;
}
sedesc->se = sd;
sedesc->conn = ctx;
se_fl_set(sedesc, SE_FL_T_MUX);
se_fl_clr(sedesc, SE_FL_DETACHED);
if (!conn->ctx)
conn->ctx = sc;
return 0;
}