BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode

The master process encounter a crash when trying to access an old
process which left from the master CLI.

To reproduce the problem, you need a prompt to a previous worker, then
wait for this worker to leave, once it left launch a command from this
prompt. The s->target is then filled with a NULL which is dereferenced
when trying to connect().

This patch fixes the problem by checking if s->target is NULL.

Must be backported as far as 2.0.

(cherry picked from commit dcbe7b91d69f6857961d1545ae71205d9afb905f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit eed682a8a9dfef9a463b28996a5830ff1b8495e3)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit dd29e893d66153d9500355cdef1bac3a8908de45)
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/src/cli.c b/src/cli.c
index daf48a2..a89d313 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -2297,6 +2297,9 @@ read_again:
                        /* we can connect now */
                        s->target = pcli_pid_to_server(target_pid);
 
+                       if (!s->target)
+                               goto server_disconnect;
+
                        s->flags |= (SF_DIRECT | SF_ASSIGNED);
                        channel_auto_connect(req);
                }
@@ -2321,6 +2324,10 @@ send_help:
        b_reset(&req->buf);
        b_putblk(&req->buf, "help\n", 5);
        goto read_again;
+
+server_disconnect:
+       pcli_reply_and_close(s, "Can't connect to the target CLI!\n");
+       return 0;
 }
 
 int pcli_wait_for_response(struct stream *s, struct channel *rep, int an_bit)