BUG/MINOR: ssl: fix crt-store load parsing

The crt-store load line parser relies on the offsets of the members of the
ckch_conf struct. However, the new "alias" keyword has an offset of
-1, because it does not need to be used. The plan was to handle it that way
in the parser, but it wasn't supported yet. So -1 was still used in an
offset computation whose result was not used, but ASAN could see the problem.

This patch fixes the issue by using a signed type for the offset value,
so any negative value would be skipped. It also introduced a
PARSE_TYPE_NONE for the parser.

No backport needed.
William Lallemand 2024-04-17 20:52:46 +02:00
parent ff4a0f6562
commit 10224d72fd
2 changed files with 11 additions and 5 deletions


@ -169,14 +169,15 @@ struct cert_exts {
/* argument types */
enum parse_type_t {
PARSE_TYPE_INT = 0,
PARSE_TYPE_NONE = 0,
PARSE_TYPE_INT,
PARSE_TYPE_STR, /* string which is strdup() */
PARSE_TYPE_ONOFF, /* "on" or "off" keyword */
};
struct ckch_conf_kws {
const char *name;
size_t offset;
ssize_t offset;
enum parse_type_t type;
int (*func)(const char *path, char *buf, struct ckch_data *d, char **err);
char **base; /* ptr to the base path */
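Review bot: The `offset` member of `struct ckch_conf_kws` now doubles as a sentinel, but nothing at the declaration says a negative value is legal or what it means. Readers of the table have to find the loader to learn it. I would document it where the type changes, e.g. `ssize_t offset; /* offset of the member in struct ckch_conf, negative when the keyword has no member to read or write */`. `PARSE_TYPE_NONE` should get a matching comment like its neighbours, `PARSE_TYPE_NONE = 0, /* keyword stores nothing */`, since inserting it at 0 shifts the numeric values of the other enumerators. The struct definition continues past the end of this hunk.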


@ -3997,13 +3997,13 @@ static struct cli_kw_list cli_kws = {{ },{
INITCALL1(STG_REGISTER, cli_register_kw, &cli_kws);
struct ckch_conf_kws ckch_conf_kws[] = {
{ "alias", -1, 0, NULL, NULL },
{ "alias", -1, PARSE_TYPE_NONE, NULL, NULL },
{ "crt", offsetof(struct ckch_conf, crt), PARSE_TYPE_STR, ssl_sock_load_pem_into_ckch, &global_ssl.crt_base },
{ "key", offsetof(struct ckch_conf, key), PARSE_TYPE_STR, ssl_sock_load_key_into_ckch, &global_ssl.key_base },
{ "ocsp", offsetof(struct ckch_conf, ocsp), PARSE_TYPE_STR, ssl_sock_load_ocsp_response_from_file, &global_ssl.crt_base },
{ "issuer", offsetof(struct ckch_conf, issuer), PARSE_TYPE_STR, ssl_sock_load_issuer_file_into_ckch, &global_ssl.crt_base },
{ "sctl", offsetof(struct ckch_conf, sctl), PARSE_TYPE_STR, ssl_sock_load_sctl_from_file, &global_ssl.crt_base },
{ NULL, 0, PARSE_TYPE_STR, NULL, NULL }
{ NULL, -1, PARSE_TYPE_STR, NULL, NULL }
};
/* crt-store does not try to find files, but use the stored filename */
@ -4021,8 +4021,13 @@ int ckch_store_load_files(struct ckch_conf *f, struct ckch_store *c, char **err)
}
for (i = 0; ckch_conf_kws[i].name; i++) {
char *src = *(char **)((intptr_t)f + (ptrdiff_t)ckch_conf_kws[i].offset);
char *src = NULL;
char **base = ckch_conf_kws[i].base;
if (ckch_conf_kws[i].offset < 0)
continue;
src = *(char **)((intptr_t)f + (ptrdiff_t)ckch_conf_kws[i].offset);
if (src) {
char *path;
char path_base[PATH_MAX];
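Review bot: In the `ckch_store_load_files` loop the new `offset < 0` guard covers the "alias" entry, but the load after it still reads every remaining entry through `*(char **)` without looking at `type`. Every entry in the table shown here is `PARSE_TYPE_STR`, so this is latent today. A later `PARSE_TYPE_INT` or `PARSE_TYPE_ONOFF` entry with a valid offset would presumably have its member read as a pointer. Tying the skip to the type closes that: `if (ckch_conf_kws[i].offset < 0 || ckch_conf_kws[i].type != PARSE_TYPE_STR) continue;`. Any other code that builds an address from `ckch_conf_kws[i].offset`, not visible on this page, needs the same negative-offset check. The loop body continues past the end of the hunk.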