BUG/MINOR: ssl: abort on sni_keytypes allocation failure

The ssl_sock_populate_sni_keytypes_hplr() function does not return an
error upon an allocation failure.

The process would probably crash during the configuration parsing if the
allocation fail since it tries to copy some data in the allocated
memory.

This patch could be backported as far as 1.5.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index a957d3e9cdc4698e78dd24b21559510a922718e6..c69cb6c8ccc078505022f75e7e79585f3d2be7d8 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3040,7 +3040,7 @@ static int ssl_sock_put_ckch_into_ctx(const char *path, const struct cert_key_an
 
 #if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
 
-static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
+static int ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root *sni_keytypes, int key_index)
 {
        struct sni_keytype *s_kt = NULL;
        struct ebmb_node *node;
@@ -3060,6 +3060,9 @@ static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root
                 * strncpy will cause sig_abrt errors under certain versions of gcc with -O2
                 * See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60792
                 */
+               if (!s_kt)
+                       return -1;
+
                memcpy(s_kt->name.key, trash.area, i+1);
                s_kt->keytypes = 0;
                ebst_insert(sni_keytypes, &s_kt->name);
@@ -3071,6 +3074,8 @@ static void ssl_sock_populate_sni_keytypes_hplr(const char *str, struct eb_root
        /* Mark that this CN has the keytype of key_index via keytypes mask */
        s_kt->keytypes |= 1<<key_index;
 
+       return 0;
+
 }
 
 #endif
@@ -3207,13 +3212,21 @@ static int ssl_sock_load_multi_ckchs(const char *path, struct ckch_store *ckchs,
         *     keyindex = 0 | 1 | 4 = 5
         */
        for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
+               int ret;
 
                if (!ssl_sock_is_ckch_valid(&certs_and_keys[n]))
                        continue;
 
                if (fcount) {
-                       for (i = 0; i < fcount; i++)
-                               ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
+                       for (i = 0; i < fcount; i++) {
+                               ret = ssl_sock_populate_sni_keytypes_hplr(sni_filter[i], &sni_keytypes_map, n);
+                               if (ret < 0) {
+                                       memprintf(err, "%sunable to allocate SSL context.\n",
+                                                 err && *err ? *err : "");
+                                       rv = 1;
+                                       goto end;
+                               }
+                       }
                } else {
                        /* A lot of the following code is OpenSSL boilerplate for processing CN's and SAN's,
                         * so the line that contains logic is marked via comments
@@ -3226,10 +3239,16 @@ static int ssl_sock_load_multi_ckchs(const char *path, struct ckch_store *ckchs,
                                value = X509_NAME_ENTRY_get_data(entry);
                                if (ASN1_STRING_to_UTF8((unsigned char **)&str, value) >= 0) {
                                        /* Important line is here */
-                                       ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
+                                       ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
 
                                        OPENSSL_free(str);
                                        str = NULL;
+                                       if (ret < 0) {
+                                               memprintf(err, "%sunable to allocate SSL context.\n",
+                                                         err && *err ? *err : "");
+                                               rv = 1;
+                                               goto end;
+                                       }
                                }
                        }
 
@@ -3243,10 +3262,16 @@ static int ssl_sock_load_multi_ckchs(const char *path, struct ckch_store *ckchs,
                                        if (name->type == GEN_DNS) {
                                                if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
                                                        /* Important line is here */
-                                                       ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
+                                                       ret = ssl_sock_populate_sni_keytypes_hplr(str, &sni_keytypes_map, n);
 
                                                        OPENSSL_free(str);
                                                        str = NULL;
+                                                       if (ret < 0) {
+                                                               memprintf(err, "%sunable to allocate SSL context.\n",
+                                                                         err && *err ? *err : "");
+                                                               rv = 1;
+                                                               goto end;
+                                                       }
                                                }
                                        }
                                }