LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13437 Commits
1 Branch
46 MiB
Tree: e0266203e8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e0266203e8'
${ noResults }
openwrt-packages-dist/net/haproxy/patches/004-BUG-MEDIUM-ssl-missing-...

77 lines
2.6 KiB
Raw Normal View History

haproxy: Update all patches for HAProxy v1.8.17 - Add new patches (see https://www.haproxy.org/bugs/bugs-1.8.17.html) - Raise PKG_RELEASE to 2 - Prefix patches with 3-digit numbers instead of 4-digit numbers Signed-off-by: Christian Lachner <gladiac@gmail.com>
6 years ago
 
  1. commit 30cd01cbfd40201f3abe246216a85c69352aa79c
  2. Author: Emeric Brun <ebrun@haproxy.com>
  3. Date:   Thu Jan 10 10:51:13 2019 +0100
  4. 

  5.     BUG/MEDIUM: ssl: missing allocation failure checks loading tls key file
  6.     
  7.     This patch fixes missing allocation checks loading tls key file
  8.     and avoid memory leak in some error cases.
  9.     
  10.     This patch should be backport on branches 1.9 and 1.8
  11.     
  12.     (cherry picked from commit 09852f70e0ed0f23cf9287b1ce55bb6a60112f32)
  13.     Signed-off-by: Willy Tarreau <w@1wt.eu>
  14.     (cherry picked from commit a1dc55a63cfbc8f440b72b6def3957bf1fad12b2)
  15.     Signed-off-by: William Lallemand <wlallemand@haproxy.org>
  16. 

  17. diff --git a/src/ssl_sock.c b/src/ssl_sock.c

  18. index 11655533..7884c411 100644

  19. --- a/src/ssl_sock.c

  20. +++ b/src/ssl_sock.c

  21. @@ -7627,15 +7627,36 @@ static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px

  22.  	}
  23.  
  24.  	keys_ref = malloc(sizeof(*keys_ref));
  25. +	if (!keys_ref) {

  26. +		if (err)

  27. +			 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);

  28. +		return ERR_ALERT | ERR_FATAL;

  29. +	}

  30. +

  31.  	keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(struct tls_sess_key));
  32. +	if (!keys_ref->tlskeys) {

  33. +		free(keys_ref);

  34. +		if (err)

  35. +			 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);

  36. +		return ERR_ALERT | ERR_FATAL;

  37. +	}

  38.  
  39.  	if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
  40. +		free(keys_ref->tlskeys);

  41. +		free(keys_ref);

  42.  		if (err)
  43.  			memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
  44.  		return ERR_ALERT | ERR_FATAL;
  45.  	}
  46.  
  47.  	keys_ref->filename = strdup(args[cur_arg + 1]);
  48. +	if (!keys_ref->filename) {

  49. +		free(keys_ref->tlskeys);

  50. +		free(keys_ref);

  51. +		if (err)

  52. +			 memprintf(err, "'%s' : allocation error", args[cur_arg+1]);

  53. +		return ERR_ALERT | ERR_FATAL;

  54. +	}

  55.  
  56.  	while (fgets(thisline, sizeof(thisline), f) != NULL) {
  57.  		int len = strlen(thisline);
  58. @@ -7647,6 +7668,9 @@ static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px

  59.  			thisline[--len] = 0;
  60.  
  61.  		if (base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(struct tls_sess_key)) != sizeof(struct tls_sess_key)) {
  62. +			free(keys_ref->filename);

  63. +			free(keys_ref->tlskeys);

  64. +			free(keys_ref);

  65.  			if (err)
  66.  				memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
  67.  			fclose(f);
  68. @@ -7656,6 +7680,9 @@ static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px

  69.  	}
  70.  
  71.  	if (i < TLS_TICKETS_NO) {
  72. +		free(keys_ref->filename);

  73. +		free(keys_ref->tlskeys);

  74. +		free(keys_ref);

  75.  		if (err)
  76.  			memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
  77.  		fclose(f);