BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path

We could run under heavy load in containers or on premises and some automatic
tool in parallel could use the CLI to check OCSP update statuses or to upload new
OCSP responses. So, calloc() to store OCSP update callback arguments may fail
and ocsp_tree_lock needs to be unlocked when exiting due to this failure.

This needs to be backported in all stable versions until v2.4.0 included.
Valentine Krasnobaeva 2024-07-15 14:57:05 +02:00 committed by Willy Tarreau
parent a9e3decd76
commit 9371c28c28

@ -1195,8 +1195,10 @@ static int ssl_sock_load_ocsp(const char *path, SSL_CTX *ctx, struct ckch_store
EVP_PKEY *pkey; EVP_PKEY *pkey;
cb_arg = calloc(1, sizeof(*cb_arg)); cb_arg = calloc(1, sizeof(*cb_arg));
if (!cb_arg) if (!cb_arg) {
HA_SPIN_UNLOCK(OCSP_LOCK, &ocsp_tree_lock);
goto out; goto out;
}
cb_arg->is_single = 1; cb_arg->is_single = 1;
cb_arg->s_ocsp = iocsp; cb_arg->s_ocsp = iocsp;
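Review bot: The unlock is open-coded inside the `if (!cb_arg)` branch, so releasing the lock depends on every exit from the locked region remembering to do it by hand. The hunk shows neither where `ocsp_tree_lock` is taken nor the other `goto out` sites, so please confirm that no other jump to `out` between the lock and its normal release leaves the spinlock held. A dedicated unlock label placed just before `out` (a hypothetical `out_unlock:`) would keep the release in one place and make a later error path harder to get wrong. It would also help to add a short comment above `HA_SPIN_UNLOCK(OCSP_LOCK, &ocsp_tree_lock);` stating that the lock is still held at this point, since the acquisition is outside the visible context.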