mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 07:37:02 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id()

Browse Source 
After we call SSL_SESSION_get_id(), the length of the id in bytes is
stored in "len", which was never checked. This could cause unexpected
behavior when using the "ssl_fc_session_id" or "ssl_bc_session_id"
fetchers (eg. the result can be an empty value).

The issue was introduced with commit 105599c ("BUG/MEDIUM: ssl: fix
several bad pointer aliases in a few sample fetch functions").

This patch must be backported to 2.1, 2.0, and 1.9.
This commit is contained in:
Dragan Dosen 2020-05-04 09:07:28 +02:00 committed by Willy Tarreau
parent 7032a3fd0a
commit f35d69e7fc
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ssl_sock.c
View File

@ -8706,7 +8706,7 @@ smp_fetch_ssl_fc_session_id(const struct arg *args, struct sample *smp, const ch
return 0;
smp->data.u.str.area = (char *)SSL_SESSION_get_id(ssl_sess, &len);
if (!smp->data.u.str.area || !smp->data.u.str.data)
if (!smp->data.u.str.area || !len)
return 0;
smp->data.u.str.data = len;