From e4812404c541018ba521abf6573be92553ba7c53 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Wed, 28 Aug 2024 15:42:22 +0200 Subject: [PATCH] BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready If an early error occurred on the client connection, we must prevent any multiplexer upgrades. Indeed, it is unexpected for a mux to be initialized with no xprt. On a normal workflow it is impossible. So it is not an issue. But if a mux upgrade is performed at the stream level, an early error on the connection may have already been handled by the previous mux and the connection may be already fully closed. If the mux upgrade is still performed, a crash can be experienced. It is possible to have a crash with an implicit TCP>HTTP upgrade if there is no data in the input buffer. But it is also possible to get a crash with an explicit "switch-mode http" rule. It must be backported to all stable versions. In 2.2, the patch must be applied directly in stream_set_backend() function. --- src/stream.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/stream.c b/src/stream.c index c78c6a10a..4e87aab54 100644 --- a/src/stream.c +++ b/src/stream.c @@ -1489,6 +1489,10 @@ int stream_set_http_mode(struct stream *s, const struct mux_proto_list *mux_prot return 0; conn = sc_conn(sc); + + if (!sc_conn_ready(sc)) + return 0; + if (conn) { se_have_more_data(s->scf->sedesc); /* Make sure we're unsubscribed, the the new