You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51 lines
1.6 KiB
51 lines
1.6 KiB
From 8e24409513ae20000256b0dc649cb83412ffb20e Mon Sep 17 00:00:00 2001
|
|
From: Willy Tarreau <w@1wt.eu>
|
|
Date: Thu, 22 Dec 2016 17:57:46 +0100
|
|
Subject: [PATCH 13/19] BUG/MEDIUM: ssl: avoid double free when releasing
|
|
bind_confs
|
|
|
|
ssl_sock functions don't mark pointers as NULL after freeing them. So
|
|
if a "bind" line specifies some SSL settings without the "ssl" keyword,
|
|
they will get freed at the end of check_config_validity(), then freed
|
|
a second time on exit. Simply mark the pointers as NULL to fix this.
|
|
This fix needs to be backported to 1.7 and 1.6.
|
|
(cherry picked from commit 94ff03af84ee0c4a2b6cfb92332fcafbcdc48765)
|
|
---
|
|
src/cfgparse.c | 7 +++++++
|
|
src/ssl_sock.c | 2 ++
|
|
2 files changed, 9 insertions(+)
|
|
|
|
diff --git a/src/cfgparse.c b/src/cfgparse.c
|
|
index ec8f6a1..63716fa 100644
|
|
--- a/src/cfgparse.c
|
|
+++ b/src/cfgparse.c
|
|
@@ -9050,6 +9050,13 @@ out_uri_auth_compat:
|
|
LIST_DEL(&bind_conf->keys_ref->list);
|
|
free(bind_conf->keys_ref);
|
|
}
|
|
+ bind_conf->keys_ref = NULL;
|
|
+ bind_conf->crl_file = NULL;
|
|
+ bind_conf->ecdhe = NULL;
|
|
+ bind_conf->ciphers = NULL;
|
|
+ bind_conf->ca_sign_pass = NULL;
|
|
+ bind_conf->ca_sign_file = NULL;
|
|
+ bind_conf->ca_file = NULL;
|
|
#endif /* USE_OPENSSL */
|
|
}
|
|
|
|
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
|
|
index 322488e..55eaa28 100644
|
|
--- a/src/ssl_sock.c
|
|
+++ b/src/ssl_sock.c
|
|
@@ -3334,6 +3334,8 @@ ssl_sock_free_ca(struct bind_conf *bind_conf)
|
|
EVP_PKEY_free(bind_conf->ca_sign_pkey);
|
|
if (bind_conf->ca_sign_cert)
|
|
X509_free(bind_conf->ca_sign_cert);
|
|
+ bind_conf->ca_sign_pkey = NULL;
|
|
+ bind_conf->ca_sign_cert = NULL;
|
|
}
|
|
|
|
/*
|
|
--
|
|
2.10.2
|
|
|