RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-04-11 03:31:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file

Browse Source 
This patch fixes missing allocation checks loading tls key file
and avoid memory leak in some error cases.

This patch should be backport on branches 1.9 and 1.8
This commit is contained in:
Emeric Brun 2019-01-10 10:51:13 +01:00 committed by Willy Tarreau
parent ed697e4856
commit 09852f70e0
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/ssl_sock.c
View File

@ -7820,15 +7820,36 @@ static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px
}
keys_ref = malloc(sizeof(*keys_ref));
if (!keys_ref) {
if (err)
memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
return ERR_ALERT | ERR_FATAL;
}
keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(struct tls_sess_key));
if (!keys_ref->tlskeys) {
free(keys_ref);
if (err)
memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
return ERR_ALERT | ERR_FATAL;
}
if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
free(keys_ref->tlskeys);
free(keys_ref);
if (err)
memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
return ERR_ALERT | ERR_FATAL;
}
keys_ref->filename = strdup(args[cur_arg + 1]);
if (!keys_ref->filename) {
free(keys_ref->tlskeys);
free(keys_ref);
if (err)
memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
return ERR_ALERT | ERR_FATAL;
}
while (fgets(thisline, sizeof(thisline), f) != NULL) {
int len = strlen(thisline);
@ -7840,6 +7861,9 @@ static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px
thisline[--len] = 0;
if (base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(struct tls_sess_key)) != sizeof(struct tls_sess_key)) {
free(keys_ref->filename);
free(keys_ref->tlskeys);
free(keys_ref);
if (err)
memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
fclose(f);
@ -7849,6 +7873,9 @@ static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px
}
if (i < TLS_TICKETS_NO) {
free(keys_ref->filename);
free(keys_ref->tlskeys);
free(keys_ref);
if (err)
memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
fclose(f);