mirror of
				https://git.haproxy.org/git/haproxy.git/
				synced 2025-10-26 14:10:59 +01:00 
			
		
		
		
	BUG/MINOR: acme: don't unlink from acme_ctx_destroy()
Unlinking the acme_ctx element from acme_ctx_destroy() requires to have the element unlocked, because MT_LIST_DELETE() locks the element. acme_ctx_destroy() frees the data from acme_ctx with the ctx still linked and unlocked, then lock to unlink. So there's a small risk of accessing acme_ctx from somewhere else. The only way to do that would be to use the `acme challenge_ready` CLI command at the same time. Fix the issue by doing a mt_list_unlock_link() and a mt_list_unlock_self() to unlink the element under the lock, then destroy the element. This must be backported in 3.2.
This commit is contained in:
		
							parent
							
								
									6499c0a0d5
								
							
						
					
					
						commit
						406fd0ceb1
					
				| @ -845,7 +845,6 @@ static void acme_ctx_destroy(struct acme_ctx *ctx) | ||||
| 
 | ||||
| 	X509_REQ_free(ctx->req); | ||||
| 
 | ||||
| 	MT_LIST_DELETE(&ctx->el); | ||||
| 
 | ||||
| 	free(ctx); | ||||
| } | ||||
| @ -2362,8 +2361,10 @@ abort: | ||||
| 	ha_free(&errmsg); | ||||
| 
 | ||||
| end: | ||||
| 	MT_LIST_UNLOCK_FULL(&ctx->el, tmp); | ||||
| 	acme_del_acme_ctx_map(ctx); | ||||
| 	/* unlink ctx from the mtlist then destroy */ | ||||
| 	mt_list_unlock_link(tmp); | ||||
| 	mt_list_unlock_self(&ctx->el); | ||||
| 	acme_ctx_destroy(ctx); | ||||
| 	task_destroy(task); | ||||
| 	task = NULL; | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user