
  1. From 8e24409513ae20000256b0dc649cb83412ffb20e Mon Sep 17 00:00:00 2001
  2. From: Willy Tarreau <w@1wt.eu>
  3. Date: Thu, 22 Dec 2016 17:57:46 +0100
  4. Subject: [PATCH 13/19] BUG/MEDIUM: ssl: avoid double free when releasing
  5. bind_confs
  6. ssl_sock functions don't mark pointers as NULL after freeing them. So
  7. if a "bind" line specifies some SSL settings without the "ssl" keyword,
  8. they will get freed at the end of check_config_validity(), then freed
  9. a second time on exit. Simply mark the pointers as NULL to fix this.
  10. This fix needs to be backported to 1.7 and 1.6.
  11. (cherry picked from commit 94ff03af84ee0c4a2b6cfb92332fcafbcdc48765)
  12. ---
  13. src/cfgparse.c | 7 +++++++
  14. src/ssl_sock.c | 2 ++
  15. 2 files changed, 9 insertions(+)
  16. diff --git a/src/cfgparse.c b/src/cfgparse.c
  17. index ec8f6a1..63716fa 100644
  18. --- a/src/cfgparse.c
  19. +++ b/src/cfgparse.c
  20. @@ -9050,6 +9050,13 @@ out_uri_auth_compat:
  21. LIST_DEL(&bind_conf->keys_ref->list);
  22. free(bind_conf->keys_ref);
  23. }
  24. + bind_conf->keys_ref = NULL;
  25. + bind_conf->crl_file = NULL;
  26. + bind_conf->ecdhe = NULL;
  27. + bind_conf->ciphers = NULL;
  28. + bind_conf->ca_sign_pass = NULL;
  29. + bind_conf->ca_sign_file = NULL;
  30. + bind_conf->ca_file = NULL;
  31. #endif /* USE_OPENSSL */
  32. }
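Review bot: The seven NULL assignments added before `#endif /* USE_OPENSSL */` sit apart from the releases they protect. Only `free(bind_conf->keys_ref)` is visible in the hunk, and the other six members are presumably freed further up in the same block, so the two lists have to be kept in sync by hand. A member freed there but missing here would stay dangling and be freed again on exit, which is the double free the commit message describes; the hunk alone cannot confirm that the list is complete. Resetting each member next to its release, e.g. `free(bind_conf->ciphers); bind_conf->ciphers = NULL;`, as the ssl_sock_free_ca() hunk in src/ssl_sock.c does, removes that risk. If the grouped form stays, a comment such as `/* cleared so the release on exit does not free these a second time */` would say why the stores are there.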
  33. diff --git a/src/ssl_sock.c b/src/ssl_sock.c
  34. index 322488e..55eaa28 100644
  35. --- a/src/ssl_sock.c
  36. +++ b/src/ssl_sock.c
  37. @@ -3334,6 +3334,8 @@ ssl_sock_free_ca(struct bind_conf *bind_conf)
  38. EVP_PKEY_free(bind_conf->ca_sign_pkey);
  39. if (bind_conf->ca_sign_cert)
  40. X509_free(bind_conf->ca_sign_cert);
  41. + bind_conf->ca_sign_pkey = NULL;
  42. + bind_conf->ca_sign_cert = NULL;
  43. }
  44. /*
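Review bot: Nothing in ssl_sock_free_ca() records that it may now run twice on the same bind_conf, which is the property the two assignments added after `X509_free(bind_conf->ca_sign_cert)` provide. A comment above them such as `/* reset so a later call (end of config check, then exit) finds nothing to free */` would keep a future cleanup from dropping them as dead stores. The function starts above the hunk, so the guard around `EVP_PKEY_free(bind_conf->ca_sign_pkey)` is not visible here.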
  45. --
  46. 2.10.2