From 926fefca8dba3ca7aed3ef7fccf6aa5cffe3cf05 Mon Sep 17 00:00:00 2001
From: Christopher Faulet
Date: Tue, 31 May 2022 18:04:25 +0200
Subject: [PATCH] BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified
When a certificate entry is being modified, we must take care to no delete it because the corresponding ongoing transaction still references it. If we do so, it leads to a null-deref and a crash may be exeperienced if changes are commited. This patch must be backported as far as 2.2.
---
 src/ssl_ckch.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index def02657a..0ed81d6d4 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -2502,6 +2502,11 @@ static int cli_parse_del_cert(char **args, char *payload, struct appctx *appctx,
 filename = args[3];
+ if (ckchs_transaction.path && strcmp(ckchs_transaction.path, filename) == 0) {
+ memprintf(&err, "ongoing transaction for the certificate '%s'", filename);
+ goto error;
+ }
+
 store = ckchs_lookup(filename);
 if (store == NULL) {
 memprintf(&err, "certificate '%s' doesn't exist!\n", filename);
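Review bot: The new `ckchs_transaction.path` test in `cli_parse_del_cert` is only sound if it and the later removal of the store run under the same lock that serialises certificate transactions. That lock is not visible here, because the function starts and ends outside the hunk, so it is worth confirming that no transaction can be opened on `filename` between this test and the delete. A one-line comment above the test would record why it exists, for example `/* an ongoing transaction still references this entry; deleting it makes the later commit crash */`. The new message also lacks the trailing `\n` that the neighbouring `"certificate '%s' doesn't exist!\n"` carries, so unless the `error:` path outside the hunk normalises it, the two messages should match.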