From: Thierry FOURNIER
Date: Sun, 17 Jun 2018 19:33:01 +0000 (+0200)
Subject: BUG/MAJOR: ssl: Random crash with cipherlist capture
X-Git-Tag: v1.9-dev1~200
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=16ff050478ab94d5147a4603fbd942a7f931c023;p=thirdparty%2Fhaproxy.git

BUG/MAJOR: ssl: Random crash with cipherlist capture

The cipher list capture struct is stored in the SSL memory space, but the slot is reserved in the SSL_CTX memory space. This causes ramdom crashes. This patch should be backported to 1.8
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5a003dc677..e48bbec58b 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -8964,7 +8964,7 @@ static void __ssl_sock_init(void)
 #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
  sctl_ex_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_sctl_free_func);
 #endif
- ssl_capture_ptr_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
+ ssl_capture_ptr_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, ssl_sock_capture_free_func);
  ssl_pkey_info_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
  sample_register_fetches(&sample_fetch_keywords);
  acl_register_keywords(&acl_kws);
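Review bot: The result of `SSL_get_ex_new_index()` on the added line is stored without a check, as are the two `SSL_CTX_get_ex_new_index()` results around it; these calls return -1 on failure, and a negative index would then reach whatever `SSL_set_ex_data()`/`SSL_get_ex_data()` call sites use `ssl_capture_ptr_index` (not visible here). A guard such as `if (ssl_capture_ptr_index < 0)` that aborts start-up or disables the capture would keep a failed registration from being carried silently into the per-connection code. Since the bug being fixed was an index allocated in one ex_data class and used in another, I would also add a comment on this line, `/* SSL (per-connection) ex_data slot: use only with SSL_get_ex_data()/SSL_set_ex_data() */`, so that it is not realigned with its SSL_CTX neighbours later. `__ssl_sock_init()` starts and ends outside the hunk, so how it reports failures is not visible.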