RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-02-06 13:33:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
fb00f31af4
haproxy/include
History
Remi Tricot-Le Breton fb00f31af4 BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" 
If an unknown CA file was first mentioned in an "add ssl crt-list" CLI
command, it would result in a call to X509_STORE_load_locations which
performs a disk access which is forbidden during runtime. The same would
happen if a "ca-verify-file" or "crl-file" was specified. This was due
to the fact that the crt-list file parsing and the crt-list related CLI
commands parsing use the same functions.
The patch simply adds a new parameter to all the ssl_bind parsing
functions so that they know if the call is made during init or by the
CLI, and the ssl_store_load_locations function can then reject any new
cafile_entry creation coming from a CLI call.

It can be backported as far as 2.2.
2021-03-23 19:29:46 +01:00
..
haproxy BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" 2021-03-23 19:29:46 +01:00
import BUG/MINOR: xxhash: make sure armv6 uses memcpy() 2021-02-04 17:14:58 +01:00