BUG/MEDIUM: ssl/cli: 'commit ssl cert' crashes when no private key

A crash was reported in issue #707 because the private key was not
uploaded correctly with "set ssl cert".

The bug is provoked by X509_check_private_key() being called when there
is no private key, which can lead to a segfault.

This patch adds a check and returns an error if the private key is not
present.

This must be backported in 2.1.
This commit is contained in:
William Lallemand 2020-06-24 16:26:41 +02:00 committed by William Lallemand
parent e7723bddd7
commit a941952ae1


@ -1495,6 +1495,12 @@ static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appc
int n;
for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
/* if a certificate is here, a private key must be here too */
if (ckchs_transaction.new_ckchs->ckch[n].cert && !ckchs_transaction.new_ckchs->ckch[n].key) {
memprintf(&err, "The transaction must contain at least a certificate and a private key!\n");
goto error;
}
if (ckchs_transaction.new_ckchs->ckch[n].cert && !X509_check_private_key(ckchs_transaction.new_ckchs->ckch[n].cert, ckchs_transaction.new_ckchs->ckch[n].key)) {
memprintf(&err, "inconsistencies between private key and certificate loaded '%s'.\n", ckchs_transaction.path);
goto error;
@ -1503,6 +1509,12 @@ static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appc
} else
#endif
{
/* if a certificate is here, a private key must be here too */
if (ckchs_transaction.new_ckchs->ckch->cert && !ckchs_transaction.new_ckchs->ckch->key) {
memprintf(&err, "The transaction must contain at least a certificate and a private key!\n");
goto error;
}
if (!X509_check_private_key(ckchs_transaction.new_ckchs->ckch->cert, ckchs_transaction.new_ckchs->ckch->key)) {
memprintf(&err, "inconsistencies between private key and certificate loaded '%s'.\n", ckchs_transaction.path);
goto error;