BUG/MINOR: ssl: Destroy ckch instances before the store during deinit

The ckch_store's free'ing function might end up calling
'ssl_sock_free_ocsp' if the corresponding certificate had ocsp data.
This ocsp cleanup function expects the 'refcount_instance' member of
the certificate_ocsp structure to be 0, meaning that no live
ckch instance kept a reference on this certificate_ocsp structure.
But since in ckch_store_free we were destroying the ckch_data before
destroying the linked instances, the BUG_ON would fail during a standard
deinit. Reversing the cleanup order fixes the problem.

Must be backported to 2.8.
Remi Tricot-Le Breton 2024-02-07 16:38:44 +01:00 committed by William Lallemand
parent befebf8b51
commit a290db5706

@ -888,14 +888,14 @@ void ckch_store_free(struct ckch_store *store)
if (!store)
return;
ssl_sock_free_cert_key_and_chain_contents(store->data);
ha_free(&store->data);
list_for_each_entry_safe(inst, inst_s, &store->ckch_inst, by_ckchs) {
ckch_inst_free(inst);
}
ebmb_delete(&store->node);
ssl_sock_free_cert_key_and_chain_contents(store->data);
ha_free(&store->data);
free(store);
}
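
Review bot: the ordering requirement in ckch_store_free is not documented in the code. The list_for_each_entry_safe loop calling ckch_inst_free(inst) must now run before ssl_sock_free_cert_key_and_chain_contents(store->data), but nothing in the function says so, and a later cleanup could swap the calls back and reintroduce the BUG_ON failure described in the commit message. Consider a short comment above the loop stating that the instances must be released first because freeing the store data can reach ssl_sock_free_ocsp, which expects refcount_instance to be 0. As rendered here the hunk has lost its +/- markers, so the two calls on store->data appear both before and after the loop; only the pair after ebmb_delete(&store->node) should remain.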