BUG/MEDIUM: ssl: fix ssl_bind_conf double free

Since commit 2954c47 ("MEDIUM: ssl: allow crt-list caching"), the ssl_bind_conf is allocated directly in the crt-list, and the crt-list can be shared between several bind_conf. The deinit() code wasn't changed to handle that. This patch fixes the issue by removing the free of the ssl_conf in ssl_sock_free_all_ctx(). It should be completed with a patch that free the ssl_conf and the crt-list. Fix issue #700.
2025-04-21 14:35:45 +00:00 · 2020-06-23 11:02:17 +02:00 · 2020-06-23 11:02:17 +02:00 · 7df5c2dc3c
commit 7df5c2dc3c
parent c17a5fac57
2 changed files with 1 additions and 6 deletions
--- a/include/haproxy/ssl_sock-t.h
+++ b/include/haproxy/ssl_sock-t.h
@ -134,7 +134,7 @@ struct sni_ctx {
 	unsigned int neg:1;       /* reject if match */
 	unsigned int wild:1;      /* wildcard sni */
 	struct pkey_info kinfo;   /* pkey info */
-	struct ssl_bind_conf *conf; /* ssl "bind" conf for the certificate */
+	struct ssl_bind_conf *conf; /* ptr to a crtlist's ssl_conf, must not be free from here */
 	struct list by_ckch_inst; /* chained in ckch_inst's list of sni_ctx */
 	struct ckch_inst *ckch_inst; /* instance used to create this sni_ctx */
 	struct ebmb_node name;    /* node holding the servername value */
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -4763,11 +4763,6 @@ void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
 		back = ebmb_next(node);
 		ebmb_delete(node);
 		SSL_CTX_free(sni->ctx);
-		if (!sni->order) { /* only free the CTX conf on its first occurrence */
-			ssl_sock_free_ssl_conf(sni->conf);
-			free(sni->conf);
-			sni->conf = NULL;
-		}
 		free(sni);
 		node = back;
 	}