From ef91c939f364367bdc48f1b234c138d743abf56c Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 23 Jul 2019 14:37:47 +0200 Subject: [PATCH] BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream Github user @jpulz reported a crash with tcp-checks in issue #184 where cs==NULL. If we enter the function with cs==NULL and check->result != CHK_RES_UKNOWN, we'll go directly to out_end_tcpcheck and dereference cs. We must validate there that cs is valid (and conn at the same time since it would be NULL as well). This fix must be backported as far as 1.8. --- src/checks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/checks.c b/src/checks.c index 61acb17c0..d91e23922 100644 --- a/src/checks.c +++ b/src/checks.c @@ -3204,7 +3204,7 @@ static int tcpcheck_main(struct check *check) out_end_tcpcheck: /* collect possible new errors */ - if (conn->flags & CO_FL_ERROR || cs->flags & CS_FL_ERROR) + if ((conn && conn->flags & CO_FL_ERROR) || (cs && cs->flags & CS_FL_ERROR)) chk_report_conn_err(check, 0, 0); /* cleanup before leaving */