haproxy/backport-BUG-MEDIUM-stream-Prevent-mux-upgrades-if-client-con.patch

From 56fb102c0c6094792fd38455b38b88a94454e996 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Wed, 28 Aug 2024 15:42:22 +0200
Subject: [PATCH] BUG/MEDIUM: stream: Prevent mux upgrades if client connection
 is no longer ready

If an early error occurred on the client connection, we must prevent any
multiplexer upgrades. Indeed, it is unexpected for a mux to be initialized
with no xprt. On a normal workflow it is impossible. So it is not an
issue. But if a mux upgrade is performed at the stream level, an early error
on the connection may have already been handled by the previous mux and the
connection may be already fully closed. If the mux upgrade is still
performed, a crash can be experienced.

It is possible to have a crash with an implicit TCP>HTTP upgrade if there is no
data in the input buffer. But it is also possible to get a crash with an
explicit "switch-mode http" rule.

It must be backported to all stable versions. In 2.2, the patch must be
applied directly in stream_set_backend() function.

(cherry picked from commit e4812404c541018ba521abf6573be92553ba7c53)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 13437097c312e524a346b9016d8ab273374d2053)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

Conflict: NA
Reference: https://github.com/haproxy/haproxy/commit/56fb102c0c6094792fd38455b38b88a94454e996
---
 src/stream.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/stream.c b/src/stream.c
index e643a6db6a05..89b7c238fe48 100644
--- a/src/stream.c
+++ b/src/stream.c
@@ -1488,6 +1488,10 @@ int stream_set_http_mode(struct stream *s, const struct mux_proto_list *mux_prot
 		return 0;
 
 	conn = sc_conn(sc);
+
+	if (!sc_conn_ready(sc))
+		return 0;
+
 	if (conn) {
 		se_have_more_data(s->scf->sedesc);
 		/* Make sure we're unsubscribed, the the new