upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-18 18:19:39 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 21

BUG/MINOR: ssl: double-free on error path w/ ssl-f-use parser

Browse source 
In post_section_frontend_crt_init(), the crt_entry is populated by the
ssl_conf fromt the cfg_crt_node. On error path, the crt_list is
completely freed, including the ssl_conf structure. But the ssl_conf
structure was already freed when freeing the cfg_crt_node.

Fix the issue by doing a crtlist_dup_ssl_conf(n->ssl_conf) in the
crtlist_entry instead of an assignation.

Fix issue #3268.

Need to be backported as far as 3.2. The previous patch which adds the
crtlist_dup_ssl_conf() declaration is needed.
This commit is contained in:
William Lallemand 2026-02-16 15:22:47 +01:00
parent df8e05815c
commit 86df0e206e
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/cfgparse-ssl.c
View file

@ -2558,7 +2558,7 @@ static int post_section_frontend_crt_init()
}
/* must set the ssl_conf in case of duplication of the crtlist_entry */
entry->ssl_conf = n->ssl_conf;
entry->ssl_conf = crtlist_dup_ssl_conf(n->ssl_conf);
err_code |= crtlist_load_crt(n->ckch_conf->crt, n->ckch_conf, newlist, entry, n->filename, n->linenum, &err);
if (err_code & ERR_CODE)