From 67f9de8a946335e2bf16fe0e6063877cd4d51fb7 Mon Sep 17 00:00:00 2001
From: Daniel-Constantin Mierla <miconda@gmail.com>
Date: Fri, 3 Jul 2020 14:02:20 +0200
Subject: [PATCH] core: tcp - safety checks on emptly local tcp connection list

---
 src/core/tcp_read.c | 37 +++++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 16 deletions(-)

diff --git a/src/core/tcp_read.c b/src/core/tcp_read.c
index 304fefb56d5..ed0a5753cb5 100644
--- a/src/core/tcp_read.c
+++ b/src/core/tcp_read.c
@@ -1689,10 +1689,10 @@ void release_tcpconn(struct tcp_connection* c, long state, int unix_sock)
 static ticks_t tcpconn_read_timeout(ticks_t t, struct timer_ln* tl, void* data)
 {
 	struct tcp_connection *c;
-	
-	c=(struct tcp_connection*)data; 
+
+	c=(struct tcp_connection*)data;
 	/* or (struct tcp...*)(tl-offset(c->timer)) */
-	
+
 	if (likely(!(c->state<0) && TICKS_LT(t, c->timeout))){
 		/* timeout extended, exit */
 		return (ticks_t)(c->timeout - t);
@@ -1706,9 +1706,10 @@ static ticks_t tcpconn_read_timeout(ticks_t t, struct timer_ln* tl, void* data)
 					ip_addr2a(&c->rcv.src_ip), c->rcv.src_port,
 					ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port);
 	}
-	tcpconn_listrm(tcp_conn_lst, c, c_next, c_prev);
-	release_tcpconn(c, (c->state<0)?CONN_ERROR:CONN_RELEASE, tcpmain_sock);
-	
+	if(tcp_conn_lst!=NULL) {
+		tcpconn_listrm(tcp_conn_lst, c, c_next, c_prev);
+		release_tcpconn(c, (c->state<0)?CONN_ERROR:CONN_RELEASE, tcpmain_sock);
+	}
 	return 0;
 }
 
@@ -1836,8 +1837,10 @@ inline static int handle_io(struct fd_map* fm, short events, int idx)
 							ip_addr2a(&ec->rcv.dst_ip), ec->rcv.dst_port);
 
 				}
-				tcpconn_listrm(tcp_conn_lst, con, c_next, c_prev);
-				local_timer_del(&tcp_reader_ltimer, &con->timer);
+				if(tcp_conn_lst!=NULL) {
+					tcpconn_listrm(tcp_conn_lst, con, c_next, c_prev);
+					local_timer_del(&tcp_reader_ltimer, &con->timer);
+				}
 				goto con_error;
 			}
 			break;
@@ -1877,11 +1880,13 @@ inline static int handle_io(struct fd_map* fm, short events, int idx)
 							ip_addr2a(&con->rcv.src_ip), con->rcv.src_port,
 							ip_addr2a(&con->rcv.dst_ip), con->rcv.dst_port);
 				}
-				tcpconn_listrm(tcp_conn_lst, con, c_next, c_prev);
-				local_timer_del(&tcp_reader_ltimer, &con->timer);
-				if (unlikely(resp!=CONN_EOF))
-					con->state=S_CONN_BAD;
-				release_tcpconn(con, resp, tcpmain_sock);
+				if(tcp_conn_lst!=NULL) {
+					tcpconn_listrm(tcp_conn_lst, con, c_next, c_prev);
+					local_timer_del(&tcp_reader_ltimer, &con->timer);
+					if (unlikely(resp!=CONN_EOF))
+						con->state=S_CONN_BAD;
+					release_tcpconn(con, resp, tcpmain_sock);
+				}
 			}else{
 #ifdef USE_TLS
 				if (unlikely(read_flags & RD_CONN_REPEAT_READ))
@@ -1889,8 +1894,8 @@ inline static int handle_io(struct fd_map* fm, short events, int idx)
 #endif /* USE_TLS */
 				/* update timeout */
 				con->timeout=get_ticks_raw()+S_TO_TICKS(TCP_CHILD_TIMEOUT);
-				/* ret= 0 (read the whole socket buffer) if short read & 
-				 *  !POLLPRI,  bytes read otherwise */
+				/* ret= 0 (read the whole socket buffer) if short read
+				 * & !POLLPRI,  bytes read otherwise */
 				ret&=(((read_flags & RD_CONN_SHORT_READ) &&
 						!(events & POLLPRI)) - 1);
 			}
@@ -1904,7 +1909,7 @@ inline static int handle_io(struct fd_map* fm, short events, int idx)
 			LM_CRIT("unknown fd type %d\n", fm->type);
 			goto error;
 	}
-	
+
 	return ret;
 con_error:
 	con->state=S_CONN_BAD;