BUG/MEDIUM: ssl: free the ckch instance linked to a server

This patch unlinks and frees the ckch instance linked to a server during
the free of this server.

This could have locked certificates in a "Used" state when removing
servers dynamically from the CLI. And could provoke a segfault once we
try to dynamically update the certificate after that.

This must be backported as far as 2.4.
William Lallemand 2021-12-30 14:45:19 +01:00
parent 231610ad9c
commit e69563fd8e

@ -5247,6 +5247,8 @@ void ssl_sock_free_srv_ctx(struct server *srv)
#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
ha_free(&srv->ssl_ctx.ciphersuites);
#endif
/* If there is a certificate we must unlink the ckch instance */
ckch_inst_free(srv->ssl_ctx.inst);
}
/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
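Review bot: the added ckch_inst_free(srv->ssl_ctx.inst) call leaves srv->ssl_ctx.inst pointing at freed memory, whereas the ha_free(&srv->ssl_ctx.ciphersuites) call just above takes the field's address and clears it. Consider setting srv->ssl_ctx.inst = NULL right after the call, so that a second pass through ssl_sock_free_srv_ctx() or any later reader of the field cannot dereference or double-free the instance. The new comment also reads "If there is a certificate", but the call is unconditional: either guard it with an explicit NULL check on srv->ssl_ctx.inst, or reword the comment to say that ckch_inst_free() accepts NULL, which cannot be confirmed from this hunk.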