haproxy

mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-30 01:52:53 +00:00

haproxy public development tree

Go to file

Frédéric Lécaille 7dab3e8266 BUG/MINOR: ssl: Double free of OCSP Certificate ID This bug could be reproduced loading several certificated from "bind" line: with "server_ocsp.pem" as argument to "crt" setting and updating the CDSA certificate with the RSA as follows: echo -e "set ssl cert reg-tests/ssl/ocsp_update/multicert/server_ocsp.pem.ecdsa \ <<\n$(cat reg-tests/ssl/ocsp_update/multicert/server_ocsp.pem.rsa)\n" \| socat - /tmp/stats followed by an "commit ssl cert reg-tests/ssl/ocsp_update/multicert/server_ocsp.pem.ecdsa" command. This could be detected by libasan as follows: ================================================================= ==507223==ERROR: AddressSanitizer: attempting double-free on 0x60200007afb0 in thread T3: #0 0x7fabc6fb5527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527) #1 0x7fabc6ae8f8c in ossl_asn1_string_embed_free (/opt/quictls/lib/libcrypto.so.81.3+0xd4f8c) #2 0x7fabc6af54e9 in ossl_asn1_primitive_free (/opt/quictls/lib/libcrypto.so.81.3+0xe14e9) #3 0x7fabc6af5960 in ossl_asn1_template_free (/opt/quictls/lib/libcrypto.so.81.3+0xe1960) #4 0x7fabc6af569f in ossl_asn1_item_embed_free (/opt/quictls/lib/libcrypto.so.81.3+0xe169f) #5 0x7fabc6af58a4 in ASN1_item_free (/opt/quictls/lib/libcrypto.so.81.3+0xe18a4) #6 0x46a159 in ssl_sock_free_cert_key_and_chain_contents src/ssl_ckch.c:723 #7 0x46aa92 in ckch_store_free src/ssl_ckch.c:869 #8 0x4704ad in cli_release_commit_cert src/ssl_ckch.c:1981 #9 0x962e83 in cli_io_handler src/cli.c:1140 #10 0xc1edff in task_run_applet src/applet.c:454 #11 0xaf8be9 in run_tasks_from_lists src/task.c:634 #12 0xafa2ed in process_runnable_tasks src/task.c:876 #13 0xa23c72 in run_poll_loop src/haproxy.c:3024 #14 0xa24aa3 in run_thread_poll_loop src/haproxy.c:3226 #15 0x7fabc69e7ea6 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7ea6) #16 0x7fabc6907a2e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfba2e) 0x60200007afb0 is located 0 bytes inside of 3-byte region [0x60200007afb0,0x60200007afb3) freed by thread T3 here: #0 0x7fabc6fb5527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527) #1 0x7fabc6ae8f8c in ossl_asn1_string_embed_free (/opt/quictls/lib/libcrypto.so.81.3+0xd4f8c) previously allocated by thread T2 here: #0 0x7fabc6fb573f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f) #1 0x7fabc6ae8d77 in ASN1_STRING_set (/opt/quictls/lib/libcrypto.so.81.3+0xd4d77) Thread T3 created by T0 here: #0 0x7fabc6f84bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0xc04f36 in setup_extra_threads src/thread.c:252 #2 0xa2761f in main src/haproxy.c:3917 #3 0x7fabc682fd09 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x23d09) Thread T2 created by T0 here: #0 0x7fabc6f84bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba) #1 0xc04f36 in setup_extra_threads src/thread.c:252 #2 0xa2761f in main src/haproxy.c:3917 #3 0x7fabc682fd09 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x23d09) SUMMARY: AddressSanitizer: double-free ??:0 __interceptor_free ==507223==ABORTING Aborted The OCSP CID stored in the impacted ckch data were freed but not reset to NULL, leading to a subsequent double free. Must be backported to 2.8.		2023-12-06 16:12:08 +01:00
.github	CI: limit codespell checks to main repo, not forks	2023-11-23 16:23:14 +01:00
addons	MINOR: promex: Export active/backup metrics per-server	2023-12-06 10:24:41 +01:00
admin	MINOR: acme.sh: don't use '*' in the filename for wildcard domain	2023-12-04 11:53:50 +01:00
dev	DEV: sslkeylogger: handle file opening error	2023-10-03 15:23:35 +02:00
doc	DOC: management/lua: Update commands about map and acl	2023-12-06 10:24:41 +01:00
examples	CLEANUP: assorted typo fixes in the code and comments	2023-11-23 16:23:14 +01:00
include	MEDIUM: pattern: Add support for virtual and optional files for patterns	2023-12-06 10:24:41 +01:00
reg-tests	BUG/MINOR: sample: Make the `word` converter compatible with `-m found`	2023-12-01 14:35:47 +01:00
scripts	CI: ssl: add git id support for wolfssl download	2023-10-10 10:34:17 +02:00
src	BUG/MINOR: ssl: Double free of OCSP Certificate ID	2023-12-06 16:12:08 +01:00
tests	Revert "MAJOR: import: update mt_list to support exponential back-off"	2023-09-15 17:13:43 +02:00
.cirrus.yml	CI: cirrus-ci: display gdb bt if any	2023-09-22 08:28:30 +02:00
.gitattributes
.gitignore
.mailmap
.travis.yml
BRANCHES
BSDmakefile
CHANGELOG	[RELEASE] Released version 3.0-dev0	2023-12-05 16:19:35 +01:00
CONTRIBUTING
INSTALL	DOC: install: update the list of openssl versions	2023-11-23 16:29:42 +01:00
LICENSE
MAINTAINERS
Makefile	REORG: quic: Add a new module for retransmissions	2023-11-28 15:47:18 +01:00
README
SUBVERS
VERDATE	[RELEASE] Released version 2.9.0	2023-12-05 16:15:30 +01:00
VERSION	[RELEASE] Released version 3.0-dev0	2023-12-05 16:19:35 +01:00

README

The HAProxy documentation has been split into a number of different files for
ease of use.

Please refer to the following files depending on what you're looking for :

  - INSTALL for instructions on how to build and install HAProxy
  - BRANCHES to understand the project's life cycle and what version to use
  - LICENSE for the project's license
  - CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located into the doc/ directory :

  - doc/intro.txt for a quick introduction on HAProxy
  - doc/configuration.txt for the configuration's reference manual
  - doc/lua.txt for the Lua's reference manual
  - doc/SPOE.txt for how to use the SPOE engine
  - doc/network-namespaces.txt for how to use network namespaces under Linux
  - doc/management.txt for the management guide
  - doc/regression-testing.txt for how to use the regression testing suite
  - doc/peers.txt for the peers protocol reference
  - doc/coding-style.txt for how to adopt HAProxy's coding style
  - doc/internals for developer-specific documentation (not all up to date)