LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1727 Commits
1 Branch
46 MiB
Tree: 4f7b0213d9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4f7b0213d9'
${ noResults }
openwrt-packages-dist/net/haproxy/patches/0002-BUG-MEDIUM-ssl-fix-bad...

87 lines
2.7 KiB
Raw Normal View History

haproxy: patches from upstream - [PATCH 1/6] BUILD: fix "make install" to support spaces in the - [PATCH 2/6] BUG/MEDIUM: ssl: fix bad ssl context init can cause - [PATCH 3/6] BUG/MEDIUM: ssl: force a full GC in case of memory - [PATCH 4/6] BUG/MEDIUM: checks: fix conflicts between agent checks - [PATCH 5/6] BUG/MINOR: config: don't inherit the default balance - [PATCH 6/6] BUG/MAJOR: frontend: initialize capture pointers earlier Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
10 years ago
 
  1. From 90951497008967f10ba8f9927b53c6e6bc138540 Mon Sep 17 00:00:00 2001
  2. From: Emeric Brun <ebrun@haproxy.comw>
  3. Date: Wed, 12 Nov 2014 17:35:37 +0100
  4. Subject: [PATCH 2/6] BUG/MEDIUM: ssl: fix bad ssl context init can cause
  5.  segfault in case of OOM.
  6. 

  7. Some SSL context's init functions errors were not handled and
  8. can cause a segfault due to an incomplete SSL context
  9. initialization.
  10. 

  11. This fix must be backported to 1.5.
  12. (cherry picked from commit 5547615cdac377797ae351a2e024376dbf6d6963)
  13. ---

  14.  src/ssl_sock.c | 44 ++++++++++++++++++++++++++++++++++----------
  15.  1 file changed, 34 insertions(+), 10 deletions(-)
  16. 

  17. diff --git a/src/ssl_sock.c b/src/ssl_sock.c

  18. index f8bfbe7..620609f 100644

  19. --- a/src/ssl_sock.c

  20. +++ b/src/ssl_sock.c

  21. @@ -2040,15 +2040,29 @@ static int ssl_sock_init(struct connection *conn)

  22.  			return -1;
  23.  		}
  24.  
  25. -		SSL_set_connect_state(conn->xprt_ctx);

  26. -		if (objt_server(conn->target)->ssl_ctx.reused_sess)

  27. -			SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess);

  28. -

  29.  		/* set fd on SSL session context */
  30. -		SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd);

  31. +		if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) {

  32. +			SSL_free(conn->xprt_ctx);

  33. +			conn->xprt_ctx = NULL;

  34. +			conn->err_code = CO_ER_SSL_NO_MEM;

  35. +			return -1;

  36. +		}

  37.  
  38.  		/* set connection pointer */
  39. -		SSL_set_app_data(conn->xprt_ctx, conn);

  40. +		if (!SSL_set_app_data(conn->xprt_ctx, conn)) {

  41. +			SSL_free(conn->xprt_ctx);

  42. +			conn->xprt_ctx = NULL;

  43. +			conn->err_code = CO_ER_SSL_NO_MEM;

  44. +			return -1;

  45. +		}

  46. +

  47. +		SSL_set_connect_state(conn->xprt_ctx);

  48. +		if (objt_server(conn->target)->ssl_ctx.reused_sess) {

  49. +			if(!SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess)) {

  50. +				SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess);

  51. +				objt_server(conn->target)->ssl_ctx.reused_sess = NULL;

  52. +			}

  53. +		}

  54.  
  55.  		/* leave init state and start handshake */
  56.  		conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
  57. @@ -2065,13 +2079,23 @@ static int ssl_sock_init(struct connection *conn)

  58.  			return -1;
  59.  		}
  60.  
  61. -		SSL_set_accept_state(conn->xprt_ctx);

  62. -

  63.  		/* set fd on SSL session context */
  64. -		SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd);

  65. +		if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) {

  66. +			SSL_free(conn->xprt_ctx);

  67. +			conn->xprt_ctx = NULL;

  68. +			conn->err_code = CO_ER_SSL_NO_MEM;

  69. +			return -1;

  70. +		}

  71.  
  72.  		/* set connection pointer */
  73. -		SSL_set_app_data(conn->xprt_ctx, conn);

  74. +		if (!SSL_set_app_data(conn->xprt_ctx, conn)) {

  75. +			SSL_free(conn->xprt_ctx);

  76. +			conn->xprt_ctx = NULL;

  77. +			conn->err_code = CO_ER_SSL_NO_MEM;

  78. +			return -1;

  79. +		}

  80. +

  81. +		SSL_set_accept_state(conn->xprt_ctx);

  82.  
  83.  		/* leave init state and start handshake */
  84.  		conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
  85. -- 

  86. 2.0.4
  87.