From 4a05d6c7f46e7968602594ca007dcd60e58ea23a Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.org>
Date: Fri, 10 Dec 2021 14:14:53 +0100
Subject: [PATCH] BUG/MEDIUM: mworker/cli: crash when trying to access an old
 PID in prompt mode

The master process encounter a crash when trying to access an old
process which left from the master CLI.

To reproduce the problem, you need a prompt to a previous worker, then
wait for this worker to leave, once it left launch a command from this
prompt. The s->target is then filled with a NULL which is dereferenced
when trying to connect().

This patch fixes the problem by checking if s->target is NULL.

Must be backported as far as 2.0.

(cherry picked from commit dcbe7b91d69f6857961d1545ae71205d9afb905f)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit eed682a8a9dfef9a463b28996a5830ff1b8495e3)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit dd29e893d66153d9500355cdef1bac3a8908de45)
Signed-off-by: Willy Tarreau <w@1wt.eu>
---
 src/cli.c |    7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/cli.c b/src/cli.c
index daf48a2..a89d313 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -2297,6 +2297,9 @@ read_again:
 			/* we can connect now */
 			s->target = pcli_pid_to_server(target_pid);
 
+			if (!s->target)
+				goto server_disconnect;
+
 			s->flags |= (SF_DIRECT | SF_ASSIGNED);
 			channel_auto_connect(req);
 		}
@@ -2321,6 +2324,10 @@ send_help:
 	b_reset(&req->buf);
 	b_putblk(&req->buf, "help\n", 5);
 	goto read_again;
+
+server_disconnect:
+	pcli_reply_and_close(s, "Can't connect to the target CLI!\n");
+	return 0;
 }
 
 int pcli_wait_for_response(struct stream *s, struct channel *rep, int an_bit)
-- 
1.7.10.4