upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-05-21 09:25:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 12

BUG/MEDIUM: server/cli: unlock server lock on failure in cli_parse_set_server

Browse source 
In cli_parse_set_server()'s 'ssl' branch, the server lock is taken,
and not released in case srv_set_ssl() fails, resulting in a dead lock
and a panic the next time an attempt to touch this server is made. The
lock must be released on all error paths.

This was introduced in 3.3 by commit f8f94ffc9 ("BUG/MEDIUM: server:
Use sni as pool connection name for SSL server only") which was marked
for backporting to 3.0, so this must likely be backported that far.
This commit is contained in:
Willy Tarreau 2026-05-15 06:09:26 +00:00
parent 5b468a0820
commit 8aa99dfc74
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/server.c
View file

@ -5711,11 +5711,13 @@ static int cli_parse_set_server(char **args, char *payload, struct appctx *appct
HA_SPIN_LOCK(SERVER_LOCK, &sv->lock);
if (strcmp(args[4], "on") == 0) {
if (srv_set_ssl(sv, 1)) {
HA_SPIN_UNLOCK(SERVER_LOCK, &sv->lock);
cli_dynerr(appctx, memprintf(&err, "failed to enable ssl for server %s.\n", args[2]));
goto out;
}
} else if (strcmp(args[4], "off") == 0) {
if (srv_set_ssl(sv, 0)) {
HA_SPIN_UNLOCK(SERVER_LOCK, &sv->lock);
cli_dynerr(appctx, memprintf(&err, "failed to disable ssl for server %s.\n", args[2]));
goto out;
}