RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-05-16 22:58:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified

Browse Source 
When a certificate entry is being modified, we must take care to no delete
it because the corresponding ongoing transaction still references it. If we
do so, it leads to a null-deref and a crash may be exeperienced if changes
are commited.

This patch must be backported as far as 2.2.
This commit is contained in:
Christopher Faulet 2022-05-31 18:04:25 +02:00
parent 4329dcc2fc
commit 926fefca8d
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/ssl_ckch.c
View File

@ -2502,6 +2502,11 @@ static int cli_parse_del_cert(char **args, char *payload, struct appctx *appctx,
filename = args[3];
if (ckchs_transaction.path && strcmp(ckchs_transaction.path, filename) == 0) {
memprintf(&err, "ongoing transaction for the certificate '%s'", filename);
goto error;
}
store = ckchs_lookup(filename);
if (store == NULL) {
memprintf(&err, "certificate '%s' doesn't exist!\n", filename);