RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-04-04 23:29:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: ssl: double free on error for ckch->{key,cert}

Browse Source 
On last error in ssl_sock_load_pem_into_ckch, key/cert are released
and ckch->{key,cert} are released in ssl_sock_free_cert_key_and_chain_contents.
This commit is contained in:
Emmanuel Hocdet 2019-10-25 11:55:03 +02:00 committed by William Lallemand
parent ed17f47c71
commit 83cbd3c89f
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/ssl_sock.c
View File

@ -3097,7 +3097,7 @@ static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_
{ {
BIO *in = NULL; BIO *in = NULL;
int ret = 1; int ret = 1;
X509 *ca = NULL; X509 *ca;
X509 *cert = NULL; X509 *cert = NULL;
EVP_PKEY *key = NULL; EVP_PKEY *key = NULL;
DH *dh; DH *dh;
@ -3172,10 +3172,12 @@ static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_
if (ckch->key) /* free the previous key */ if (ckch->key) /* free the previous key */
EVP_PKEY_free(ckch->key); EVP_PKEY_free(ckch->key);
ckch->key = key; ckch->key = key;
key = NULL;
if (ckch->cert) /* free the previous cert */ if (ckch->cert) /* free the previous cert */
X509_free(ckch->cert); X509_free(ckch->cert);
ckch->cert = cert; ckch->cert = cert;
cert = NULL;
/* Look for a Certificate Chain */ /* Look for a Certificate Chain */
ca = PEM_read_bio_X509(in, NULL, NULL, NULL); ca = PEM_read_bio_X509(in, NULL, NULL, NULL);
@ -3215,12 +3217,10 @@ end:
ERR_clear_error(); ERR_clear_error();
if (in) if (in)
BIO_free(in); BIO_free(in);
if (ret != 0) {
if (key) if (key)
EVP_PKEY_free(key); EVP_PKEY_free(key);
if (cert) if (cert)
X509_free(cert); X509_free(cert);
}
return ret; return ret;
} }