BUG/MAJOR: ssl: segfault upon an heartbeat request

7b5fd1e ("MEDIUM: connections: Move some fields from struct connection
to ssl_sock_ctx.") introduced a bug in the heartbleed mitigation code.

Indeed the code used conn->ctx instead of conn->xprt_ctx for the ssl
context, resulting in a null dereference.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 1a579f5999fc8afac73f2684477736e10ccc4b0e..651afa3a7af4bab6f9d3440e3638f7590f90a895 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1735,7 +1735,7 @@ void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf
           for a received record) */
        if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
                struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
-               struct ssl_sock_ctx *ctx = conn->ctx;
+               struct ssl_sock_ctx *ctx = conn->xprt_ctx;
                const unsigned char *p = buf;
                unsigned int payload;