mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-24 15:21:29 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: httpclient: fixed memory allocation for the SSL ca_file

Browse Source 
The memory for the SSL ca_file was allocated only once (in the function
httpclient_create_proxy()) and that pointer was assigned to each created
proxy that the HTTP client uses.  This would not be a problem if this
memory was not freed in each individual proxy when it was deinitialized
in the function ssl_sock_free_srv_ctx().

  Memory allocation:
    src/http_client.c, function httpclient_create_proxy():
      1277:	if (!httpclient_ssl_ca_file)
      1278:		httpclient_ssl_ca_file = strdup("@system-ca");
      1280:	srv_ssl->ssl_ctx.ca_file = httpclient_ssl_ca_file;

  Memory deallocation:
    src/ssl_sock.c, function ssl_sock_free_srv_ctx():
      5613:	ha_free(&srv->ssl_ctx.ca_file);

This should be backported to version 2.6.
This commit is contained in:
Miroslav Zagorac 2022-11-02 16:11:50 +01:00 committed by William Lallemand
parent 1ef1b859d0
commit a2ec192de3
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/http_client.c
View File

@ -1274,10 +1274,7 @@ struct proxy *httpclient_create_proxy(const char *id)
/* if the verify is required, try to load the system CA */
if (httpclient_ssl_verify == SSL_SOCK_VERIFY_REQUIRED) {
if (!httpclient_ssl_ca_file)
httpclient_ssl_ca_file = strdup("@system-ca");
srv_ssl->ssl_ctx.ca_file = httpclient_ssl_ca_file;
srv_ssl->ssl_ctx.ca_file = strdup(httpclient_ssl_ca_file ? httpclient_ssl_ca_file : "@system-ca");
if (!ssl_store_load_locations_file(srv_ssl->ssl_ctx.ca_file, 1, CAFILE_CERT)) {
/* if we failed to load the ca-file, only quits in
* error with hard_error, otherwise just disable the