upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-18 18:19:39 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 21

BUG/MINOR: ssl: error with ssl-f-use when no "crt"
Some checks are pending
Contrib / build (push) Waiting to run
Details
alpine/musl / gcc (push) Waiting to run
Details
VTest / Generate Build Matrix (push) Waiting to run
Details
VTest / (push) Blocked by required conditions
Details
Windows / Windows, gcc, all features (push) Waiting to run
Details

Browse source 
ssl-f-use lines tries to load a crt file, but the "crt" keyword is not
mandatory. That could lead to crtlist_load_crt() being called with a
NULL path, and trying to do a stat.

In this particular case we don't need to try anything and it's better to
leave with an actual error.

Must be backported as far as 3.2.
This commit is contained in:
William Lallemand 2026-02-16 18:41:40 +01:00
parent 0016d45a9c
commit 1274c21a42
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/ssl_crtlist.c
View file

@ -515,6 +515,13 @@ int crtlist_load_crt(char *crt_path, struct ckch_conf *cc, struct crtlist *newli
struct stat st;
int cfgerr = 0;
if (!crt_path) {
memprintf(err, "%sTrying to load a certificate but no 'crt' keyword specified.\n",
err && *err ? *err : "");
cfgerr |= ERR_ALERT | ERR_FATAL;
goto error;
}
/* Look for a ckch_store or create one */
ckchs = ckchs_lookup(crt_path);
if (ckchs == NULL) {