MINOR: ssl: Limit ocsp_uri buffer size to minimum

The ocsp_uri field of the certificate_ocsp structure was a 16k buffer
when it could be hand allocated to just the required size to store the
OCSP URI. This field now behaves the same way as the sctl and
ocsp_response buffers of the ckch_store structure.
Remi Tricot-Le Breton 2023-01-09 12:02:48 +01:00 committed by William Lallemand
parent 2d1daa8095
commit 648c83ecdd
2 changed files with 8 additions and 6 deletions


@ -373,8 +373,10 @@ void ssl_sock_free_ocsp(struct certificate_ocsp *ocsp)
sk_X509_pop_free(ocsp->chain, X509_free);
ocsp->chain = NULL;
chunk_destroy(&ocsp->response);
free_trash_chunk(ocsp->uri);
ocsp->uri = NULL;
if (ocsp->uri) {
ha_free(&ocsp->uri->area);
ha_free(&ocsp->uri);
}
free(ocsp);
}
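Review bot: The new release branch assumes `ocsp->uri` and `ocsp->uri->area` are both plain heap allocations, so every writer of the field must now use the matching allocator. A leftover `alloc_trash_chunk()` assignment elsewhere (none is visible in this hunk) would be handed to `ha_free()`, and the old `free_trash_chunk()` call suggests that is the wrong release routine for such a buffer, so a mismatch could corrupt the allocator state. It is worth checking the other places that set `uri` and recording the rule next to the branch, for example `/* uri and its area are heap-allocated (calloc + chunk_dup), never a trash chunk */`. The body of ssl_sock_free_ocsp starts above the hunk.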


@ -1255,11 +1255,11 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, struct ckch_data *data, STACK_OF(X50
if (data->chain)
iocsp->chain = X509_chain_up_ref(data->chain);
iocsp->uri = alloc_trash_chunk();
if (!iocsp->uri)
goto out;
if (!chunk_cpy(iocsp->uri, ocsp_uri))
iocsp->uri = calloc(1, sizeof(*iocsp->uri));
if (!chunk_dup(iocsp->uri, ocsp_uri)) {
ha_free(&iocsp->uri);
goto out;
}
ssl_ocsp_update_insert(iocsp);
}
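Review bot: The result of `calloc(1, sizeof(*iocsp->uri))` is passed straight to `chunk_dup()` without a NULL check, so the out-of-memory case is only safe if `chunk_dup()` rejects a NULL destination, which is not visible here. An explicit guard right after the allocation keeps the error path independent of that helper: `if (!iocsp->uri) goto out;`, as the replaced `alloc_trash_chunk()` code had. Because the buffer is now sized to the URI instead of 16k, any code that writes into or appends to `iocsp->uri` assuming trash-chunk capacity would run past the end of it; those users are outside this hunk and deserve a look. The enclosing block of ssl_sock_load_ocsp starts above the hunk.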