BUG/MINOR: mux-spop: Fix null-pointer deref on SPOP stream allocation failure

When we try to allocate a new SPOP stream, if an error is encountered,
spop_strm_destroy() is called to released the eventually allocated
stream. But, it must only be called if a stream was allocated. If the
reported error is an SPOP stream allocation failure, we must just leave to
avoid null-pointer dereference.

This patch should fix point 1 of the issue #2993. It must be backported as
far as 3.1.

(cherry picked from commit 8c4bb8cab37f72c451bc7685eaf58cb1c2f5fae2)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit f4f45adb3f98570d817c6e63b662001ca95292d3)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

diff --git a/src/mux_spop.c b/src/mux_spop.c
index 59ccf32..d7045fc 100644 (file)
--- a/src/mux_spop.c
+++ b/src/mux_spop.c
@@ -1241,7 +1241,8 @@ static struct spop_strm *spop_stconn_new(struct spop_conn *spop_conn, struct stc
 
   out:
        TRACE_DEVEL("leaving on error", SPOP_EV_SPOP_STRM_NEW|SPOP_EV_SPOP_STRM_END|SPOP_EV_SPOP_STRM_ERR, spop_conn->conn);
-       spop_strm_destroy(spop_strm);
+       if (spop_strm)
+               spop_strm_destroy(spop_strm);
        return NULL;
 }