RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-21 05:00:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: ssl/cli: don't alloc path when cert not found

Browse Source 
When doing an 'ssl set cert' with a certificate which does not exist in
configuration, the appctx->ctx.ssl.old_ckchs->path was duplicated while
app->ctx.ssl.old_ckchs was NULL, resulting in a NULL dereference.

Move the code so the 'not referenced' error is done before this.
This commit is contained in:
William Lallemand 2019-11-04 10:59:32 +01:00 committed by William Lallemand
parent 1753cb544d
commit 8a7fdf036b
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/ssl_sock.c
View File

@ -10342,15 +10342,6 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx,
}
appctx->ctx.ssl.old_ckchs = find_ckchs[0] ? find_ckchs[0] : find_ckchs[1];
/* this is a new transaction, set the path of the transaction */
appctx->ctx.ssl.path = strdup(appctx->ctx.ssl.old_ckchs->path);
if (!appctx->ctx.ssl.path) {
memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
errcode |= ERR_ALERT | ERR_FATAL;
goto end;
}
}
if (!appctx->ctx.ssl.old_ckchs) {
@ -10360,6 +10351,15 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx,
goto end;
}
if (!appctx->ctx.ssl.path) {
/* this is a new transaction, set the path of the transaction */
appctx->ctx.ssl.path = strdup(appctx->ctx.ssl.old_ckchs->path);
if (!appctx->ctx.ssl.path) {
memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
errcode |= ERR_ALERT | ERR_FATAL;
goto end;
}
}
old_ckchs = appctx->ctx.ssl.old_ckchs;