RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-19 12:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: ssl_ckch: Don't delete CA/CRL entry if it is being modified

Browse Source 
When a CA or a CRL entry is being modified, we must take care to no delete
it because the corresponding ongoing transaction still references it. If we
do so, it leads to a null-deref and a crash may be exeperienced if changes
are commited.

This patch must be backported as far as 2.5.
This commit is contained in:
Christopher Faulet 2022-05-31 18:06:30 +02:00
parent 926fefca8d
commit 1f08fa46fb
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/ssl_ckch.c
View File

@ -3252,6 +3252,11 @@ static int cli_parse_del_cafile(char **args, char *payload, struct appctx *appct
filename = args[3];
if (cafile_transaction.path && strcmp(cafile_transaction.path, filename) == 0) {
memprintf(&err, "ongoing transaction for the CA file '%s'", filename);
goto error;
}
cafile_entry = ssl_store_get_cafile_entry(filename, 0);
if (!cafile_entry) {
memprintf(&err, "CA file '%s' doesn't exist!\n", filename);
@ -3524,6 +3529,11 @@ static int cli_parse_del_crlfile(char **args, char *payload, struct appctx *appc
filename = args[3];
if (crlfile_transaction.path && strcmp(crlfile_transaction.path, filename) == 0) {
memprintf(&err, "ongoing transaction for the CRL file '%s'", filename);
goto error;
}
cafile_entry = ssl_store_get_cafile_entry(filename, 0);
if (!cafile_entry) {
memprintf(&err, "CRL file '%s' doesn't exist!\n", filename);