From 0f02a62da02eaeb8444d8edddb0b3d1e58158610 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Wed, 29 Apr 2026 18:04:27 +0200 Subject: [PATCH] BUG/MEDIUM: acme: fix segfault on newOrder with empty authorizations When an ACME server returns a newOrder response with an empty authorizations array (certificate already validated), ctx->auths remains NULL. The state machine then transitions to ACME_AUTH which immediately dereferences ctx->next_auth, causing a segfault. Return an error from acme_res_neworder() so the caller retries. This needs to be backported to 3.2. --- src/acme.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/acme.c b/src/acme.c index bae7230bb..def664aa7 100644 --- a/src/acme.c +++ b/src/acme.c @@ -2153,6 +2153,7 @@ int acme_res_neworder(struct task *task, struct acme_ctx *ctx, char **errmsg) auth->auth = istdup(ist2(trash.area, trash.data)); if (!isttest(auth->auth)) { + free(auth); memprintf(errmsg, "out of memory"); goto error; } @@ -2162,6 +2163,11 @@ int acme_res_neworder(struct task *task, struct acme_ctx *ctx, char **errmsg) ctx->next_auth = auth; } + if (!ctx->auths) { + memprintf(errmsg, "no authorizations found in newOrder response"); + goto error; + } + if ((ret = mjson_get_string(hc->res.buf.area, hc->res.buf.data, "$.finalize", trash.area, trash.size)) <= 0) { memprintf(errmsg, "couldn't find the finalize URL"); goto error;