From f31a4e302e2c24409fbf7bd2d30aa221968eb7a6 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Thu, 14 Mar 2024 09:29:09 +0100
Subject: [PATCH] BUG/MINOR: listener: Don't schedule frontend without task in
 listener_release()

null pointer dereference was reported by Coverity in listener_release()
function. Indeed, we must not try to schedule frontend without task when a
limit is still blocking the frontend. This issue was introduced by commit
65ae1347c7 ("BUG/MINOR: listener: Wake proxy's mngmt task up if necessary on
session release")

This patch should fix issue #2488. It must be backported to all stable
version with the commit above.
---
 src/listener.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/listener.c b/src/listener.c
index 86d4c44f5..6e37984a8 100644
--- a/src/listener.c
+++ b/src/listener.c
@@ -1606,7 +1606,7 @@ void listener_release(struct listener *l)
 		unsigned int wait;
 		int expire = TICK_ETERNITY;
 
-		if (fe->fe_sps_lim &&
+		if (fe->task && fe->fe_sps_lim &&
 		    (wait = next_event_delay(&fe->fe_sess_per_sec,fe->fe_sps_lim, 0))) {
 			/* we're blocking because a limit was reached on the number of
 			 * requests/s on the frontend. We want to re-check ASAP, which
@@ -1614,7 +1614,7 @@ void listener_release(struct listener *l)
 			 * timer will have settled down.
 			 */
 			expire = tick_first(fe->task->expire, tick_add(now_ms, wait));
-			if (fe->task && tick_isset(expire))
+			if (tick_isset(expire))
 				task_schedule(fe->task, expire);
 		}
 	}