mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 22:31:28 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: increment issuer refcount if in chain

Browse Source 
When using the OCSP response, if the issuer of the response is in
the certificate chain, its address will be stored in ckch->ocsp_issuer.
However, since the ocsp_issuer could be filled by a separate file, this
pointer is free'd. The refcount of the X509 need to be incremented to
avoid a double free if we free the ocsp_issuer AND the chain.
This commit is contained in:
William Lallemand 2020-01-23 11:42:52 +01:00
parent 027d206b57
commit b829dda57b
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/ssl_sock.c
View File

@ -3468,6 +3468,7 @@ static int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_c
issuer = sk_X509_value(ckch->chain, i); issuer = sk_X509_value(ckch->chain, i);
if (X509_check_issued(issuer, ckch->cert) == X509_V_OK) { if (X509_check_issued(issuer, ckch->cert) == X509_V_OK) {
ckch->ocsp_issuer = issuer; ckch->ocsp_issuer = issuer;
X509_up_ref(ckch->ocsp_issuer);
break; break;
} else } else
issuer = NULL; issuer = NULL;