mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-04 12:41:00 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: ssl: don't free the ckch in multi-cert bundle

Browse Source 
When using a ckch we should never try to free its content, because it
won't be usable  after and can result in a NULL derefence during
parsing.

The content was previously freed because the ckch wasn't stored in a
tree to be used later, now that we use it multiple time, we need to keep
the data.
This commit is contained in:
William Lallemand 2019-08-01 10:59:34 +02:00 committed by William Lallemand
parent f580d0f391
commit 6dee29d63d
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/ssl_sock.c
View File

@ -3398,9 +3398,6 @@ end:
if (names)
sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
node = ebmb_first(&sni_keytypes_map);
while (node) {
next = ebmb_next(node);