mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-04 12:41:00 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake

Browse Source 
We have a bug when SSL reuse is disabled on the server side : we reset
the context but do not set it to NULL, causing a multiple free of the
same entry. It seems like this bug cannot appear as-is with the current
code (or the conditions to get it are not obvious) but it did definitely
strike when trying to fix another bug with the SNI which forced a new
handshake.

This fix should be backported to 1.7, 1.6 and 1.5.
This commit is contained in:
Willy Tarreau 2016-12-22 21:54:21 +01:00
parent 368780334c
commit 30fd4bd844
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/ssl_sock.c
View File

@ -3654,8 +3654,10 @@ reneg_ok:
global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
/* check if session was reused, if not store current session on server for reuse */
if (objt_server(conn->target)->ssl_ctx.reused_sess)
if (objt_server(conn->target)->ssl_ctx.reused_sess) {
SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess);
objt_server(conn->target)->ssl_ctx.reused_sess = NULL;
}
if (!(objt_server(conn->target)->ssl_ctx.options & SRV_SSL_O_NO_REUSE))
objt_server(conn->target)->ssl_ctx.reused_sess = SSL_get1_session(conn->xprt_ctx);