From 1f08fa46fb5c2ec02f740b716a9674dc72a5cadc Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Tue, 31 May 2022 18:06:30 +0200 Subject: [PATCH] BUG/MEDIUM: ssl_ckch: Don't delete CA/CRL entry if it is being modified When a CA or a CRL entry is being modified, we must take care to no delete it because the corresponding ongoing transaction still references it. If we do so, it leads to a null-deref and a crash may be exeperienced if changes are commited. This patch must be backported as far as 2.5. --- src/ssl_ckch.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c index 0ed81d6d4..ad84eeacc 100644 --- a/src/ssl_ckch.c +++ b/src/ssl_ckch.c @@ -3252,6 +3252,11 @@ static int cli_parse_del_cafile(char **args, char *payload, struct appctx *appct filename = args[3]; + if (cafile_transaction.path && strcmp(cafile_transaction.path, filename) == 0) { + memprintf(&err, "ongoing transaction for the CA file '%s'", filename); + goto error; + } + cafile_entry = ssl_store_get_cafile_entry(filename, 0); if (!cafile_entry) { memprintf(&err, "CA file '%s' doesn't exist!\n", filename); @@ -3524,6 +3529,11 @@ static int cli_parse_del_crlfile(char **args, char *payload, struct appctx *appc filename = args[3]; + if (crlfile_transaction.path && strcmp(crlfile_transaction.path, filename) == 0) { + memprintf(&err, "ongoing transaction for the CRL file '%s'", filename); + goto error; + } + cafile_entry = ssl_store_get_cafile_entry(filename, 0); if (!cafile_entry) { memprintf(&err, "CRL file '%s' doesn't exist!\n", filename);