BUG/MEDIUM: muxes: Make sure nobody stole the connection before using it. In the various timeout functions, make sure nobody stole the connection from us before attempting to doing anything with it, there's a very small race condition between the time we access the task context, and the time we actually check it again with the lock, where it could have been free'd.

commit: 48ce6a3ab181bf7b90376008d7fb077df57387c0 [log] [tgz]
author: Olivier Houchard <cognet@ci0.org> Thu Jul 02 11:58:05 2020 +0200
committer: Willy Tarreau <w@1wt.eu> Thu Jul 02 14:17:25 2020 +0200
tree: 9bfdbc1eb25643697431512fbe901985e5bd58e5
parent: 54d31170a9a8bf126cb7d1783bbdb806f742cc0d [diff] [blame]
diff --git a/src/mux_h1.c b/src/mux_h1.c
index a294c65..89c55b4 100644
--- a/src/mux_h1.c
+++ b/src/mux_h1.c

@@ -2311,14 +2311,13 @@
 		 */
 		HA_SPIN_LOCK(OTHER_LOCK, &idle_conns[tid].takeover_lock);
 
-		if (h1c->conn->flags & CO_FL_LIST_MASK)
-			MT_LIST_DEL(&h1c->conn->list);
-
 		/* Somebody already stole the connection from us, so we should not
 		 * free it, we just have to free the task.
 		 */
 		if (!t->context)
 			h1c = NULL;
+		else if (h1c->conn->flags & CO_FL_LIST_MASK)
+			MT_LIST_DEL(&h1c->conn->list);
 
 		HA_SPIN_UNLOCK(OTHER_LOCK, &idle_conns[tid].takeover_lock);
 	}
commit	48ce6a3ab181bf7b90376008d7fb077df57387c0	[log] [tgz]
author	Olivier Houchard <cognet@ci0.org>	Thu Jul 02 11:58:05 2020 +0200
committer	Willy Tarreau <w@1wt.eu>	Thu Jul 02 14:17:25 2020 +0200
tree	9bfdbc1eb25643697431512fbe901985e5bd58e5
parent	54d31170a9a8bf126cb7d1783bbdb806f742cc0d [diff] [blame]