BUG/MEDIUM: lb_fwlc: Don't test the server's lb_tree from outside the lock

In the function fwlc_srv_reposition(), the server's lb_tree is tested from
outside the lock. So it is possible to remove it after the test and then call
eb32_insert() in fwlc_queue_srv() with a NULL root pointer, which is
invalid. Moving the test into the scope of the lock fixes the bug.

This issue was reported on GitHub, issue #126.

This patch must be backported to 2.0, 1.9 and 1.8.

diff --git a/src/lb_fwlc.c b/src/lb_fwlc.c
index 174dc67..5fa8173 100644
--- a/src/lb_fwlc.c
+++ b/src/lb_fwlc.c
@@ -66,12 +66,11 @@
*/
static void fwlc_srv_reposition(struct server *s)
{
- if (!s->lb_tree)
- return;
-
HA_SPIN_LOCK(LBPRM_LOCK, &s->proxy->lbprm.lock);
- fwlc_dequeue_srv(s);
- fwlc_queue_srv(s);
+ if (s->lb_tree) {
+ fwlc_dequeue_srv(s);
+ fwlc_queue_srv(s);
+ }
HA_SPIN_UNLOCK(LBPRM_LOCK, &s->proxy->lbprm.lock);
}
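
Review bot: the `if (s->lb_tree)` test that now sits between HA_SPIN_LOCK and HA_SPIN_UNLOCK carries no comment saying it must be evaluated with LBPRM_LOCK held, so a later cleanup could hoist it back out as a fast path and reintroduce the check-then-use race. A one-line comment above the test, stating that lb_tree may be cleared concurrently and is only stable under the lbprm lock, would guard against that. Note also that the function now takes the spinlock on every call, including for servers whose lb_tree is NULL, where the old code returned early without locking. That is the right trade for correctness, but it is worth stating in the commit message since the patch is marked for backport to 2.0, 1.9 and 1.8.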