BUG/MINOR: ssl: prevent multiple 'crt' on the same ssl-f-use line

The 'ssl-f-use' implementation doesn't prevent having the 'crt' keyword
multiple times, which overwrites the previous value, letting users think
that it is possible to use multiple certificates on the same line, which
is not the case.

This patch emits an alert when setting the 'crt' keyword multiple times
on the same ssl-f-use line.

Should fix issue #2966.

No backport needed.
William Lallemand 2025-05-09 18:52:09 +02:00
parent 0c4abf5a22
commit 9ce3fb35a2

@ -2208,6 +2208,10 @@ static int proxy_parse_ssl_f_use(char **args, int section_type, struct proxy *cu
char path[MAXPATHLEN+1];
const char *arg = args[cur_arg+1];
if (ckch_conf->crt) {
memprintf(err, "'%s' already specified, aborting.", "crt");
goto error;
}
if (*arg != '@' && *arg != '/' && global_ssl.crt_base) {
if ((strlen(global_ssl.crt_base) + 1 + strlen(arg)) > sizeof(path) ||
snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, arg) > sizeof(path)) {
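
Review bot: The alert text in the new `if (ckch_conf->crt)` branch, "'crt' already specified, aborting.", does not tell the user the thing the commit message says they get wrong, namely that an ssl-f-use line takes a single certificate. Consider wording such as "'crt' already specified, only one certificate is allowed per ssl-f-use line", and since `arg` is `args[cur_arg+1]`, passing `args[cur_arg]` instead of the literal "crt" would keep the message tied to the keyword actually parsed. Separately, in the unchanged context below the new check, both length tests use `>` against `sizeof(path)`: a crt-base plus filename whose combined length equals `sizeof(path)` passes both tests and is truncated by one byte by `snprintf`, so `>=` looks like the intended comparison and may deserve its own fix.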