From 9ce3fb35a234dd268738c6e8e1f29290dcf006e1 Mon Sep 17 00:00:00 2001
From: William Lallemand
Date: Fri, 9 May 2025 18:52:09 +0200
Subject: [PATCH] BUG/MINOR: ssl: prevent multiple 'crt' on the same ssl-f-use line

The 'ssl-f-use' implementation doesn't prevent to have multiple time the 'crt' keyword, which overwrite the previous value. Letting users think that is it possible to use multiple certificates on the same line, which is not the case. This patch emits an alert when setting the 'crt' keyword multiple times on the same ssl-f-use line. Should fix issue #2966. No backport needed.
---
 src/cfgparse-ssl.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index c71e070d6..3192121d6 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -2208,6 +2208,10 @@ static int proxy_parse_ssl_f_use(char **args, int section_type, struct proxy *cu
 char path[MAXPATHLEN+1];
 const char *arg = args[cur_arg+1];
+ if (ckch_conf->crt) {
+ memprintf(err, "'%s' already specified, aborting.", "crt");
+ goto error;
+ }
 if (*arg != '@' && *arg != '/' && global_ssl.crt_base) {
 if ((strlen(global_ssl.crt_base) + 1 + strlen(arg)) > sizeof(path) || snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, arg) > sizeof(path)) {
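Review bot: The length guard right after the added duplicate-'crt' check accepts a joined path of exactly `sizeof(path)` bytes, because both tests compare with `>` while snprintf() signals truncation with a return value greater than or equal to the buffer size. In that boundary case the last character of `crt_base` + "/" + `arg` is dropped without any error, so the certificate path used afterwards would presumably differ from the one in the configuration. Using `>=` in both comparisons, e.g. `snprintf(path, sizeof(path), "%s/%s", global_ssl.crt_base, arg) >= sizeof(path)`, rejects that case. These are context lines the commit does not touch, and the body of this `if` as well as the rest of proxy_parse_ssl_f_use lie outside the hunk, so the handling on the error branch cannot be confirmed from here.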