From: William Lallemand Date: Mon, 29 Sep 2025 11:28:11 +0000 (+0200) Subject: BUG/MEDIUM: acme: free() of i2d_X509_REQ() with AWS-LC X-Git-Tag: v3.3-dev9~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3ce597bfa23d6e4b8ec62ce22c65b677c328027b;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: acme: free() of i2d_X509_REQ() with AWS-LC When using AWS-LC, the free() of the data ptr resulting from i2d_X509_REQ() might crash, because it uses the free() of the libc instead of OPENSSL_free(). It does not seem to be a problem on openssl builds. Must be backported in 3.2. --- diff --git a/src/acme.c b/src/acme.c index a745884ef..e302b9865 100644 --- a/src/acme.c +++ b/src/acme.c @@ -1317,7 +1317,7 @@ int acme_req_finalize(struct task *task, struct acme_ctx *ctx, char **errmsg) csr->data = ret; chunk_printf(req_in, "{ \"csr\": \"%.*s\" }", (int)csr->data, csr->area); - free(data); + OPENSSL_free(data); if (acme_jws_payload(req_in, ctx->nonce, ctx->finalize, ctx->cfg->account.pkey, ctx->kid, req_out, errmsg) != 0)
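Review bot: the new OPENSSL_free(data) line in acme_req_finalize() has no comment saying why libc free() is wrong here, and nothing in the surrounding context shows where data was allocated, so a later cleanup could easily turn it back into free(). A short comment above the call stating that data is the buffer returned by i2d_X509_REQ() and must be released with the SSL library's allocator would record the constraint at the point where it matters. The hunk covers only this one release on the path after chunk_printf(); if the function also releases data on an error path outside the seven lines shown, that site needs the same OPENSSL_free() call, and it is worth confirming before the 3.2 backport. If any later cleanup in the function can reach data again, setting data = NULL right after the free would keep that path from freeing it a second time.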