BUG/MEDIUM: muxes: Make sure nobody stole the connection before using it.
In the various timeout functions, make sure nobody stole the connection from
us before attempting to doing anything with it, there's a very small race
condition between the time we access the task context, and the time we
actually check it again with the lock, where it could have been free'd.
diff --git a/src/mux_h1.c b/src/mux_h1.c
index a294c65..89c55b4 100644
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@@ -2311,14 +2311,13 @@
*/
HA_SPIN_LOCK(OTHER_LOCK, &idle_conns[tid].takeover_lock);
- if (h1c->conn->flags & CO_FL_LIST_MASK)
- MT_LIST_DEL(&h1c->conn->list);
-
/* Somebody already stole the connection from us, so we should not
* free it, we just have to free the task.
*/
if (!t->context)
h1c = NULL;
+ else if (h1c->conn->flags & CO_FL_LIST_MASK)
+ MT_LIST_DEL(&h1c->conn->list);
HA_SPIN_UNLOCK(OTHER_LOCK, &idle_conns[tid].takeover_lock);
}