From: William Lallemand Date: Mon, 4 Nov 2019 09:59:32 +0000 (+0100) Subject: BUG/MEDIUM: ssl/cli: don't alloc path when cert not found X-Git-Tag: v2.1-dev5~44 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8a7fdf036b1ad333961b319212d2505f73b33cc0;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: ssl/cli: don't alloc path when cert not found When doing an 'ssl set cert' with a certificate which does not exist in configuration, the appctx->ctx.ssl.old_ckchs->path was duplicated while app->ctx.ssl.old_ckchs was NULL, resulting in a NULL dereference. Move the code so the 'not referenced' error is done before this.
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index c62133ddbc..98b3ad8b71 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -10342,15 +10342,6 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx,
 }
 appctx->ctx.ssl.old_ckchs = find_ckchs[0] ? find_ckchs[0] : find_ckchs[1];
-
- /* this is a new transaction, set the path of the transaction */
- appctx->ctx.ssl.path = strdup(appctx->ctx.ssl.old_ckchs->path);
- if (!appctx->ctx.ssl.path) {
- memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
- errcode |= ERR_ALERT | ERR_FATAL;
- goto end;
- }
-
 }
 if (!appctx->ctx.ssl.old_ckchs) {
@@ -10360,6 +10351,15 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx,
 goto end;
 }
+ if (!appctx->ctx.ssl.path) {
+ /* this is a new transaction, set the path of the transaction */
+ appctx->ctx.ssl.path = strdup(appctx->ctx.ssl.old_ckchs->path);
+ if (!appctx->ctx.ssl.path) {
+ memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
+ errcode |= ERR_ALERT | ERR_FATAL;
+ goto end;
+ }
+ }
 old_ckchs = appctx->ctx.ssl.old_ckchs;
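Review bot: The ordering requirement that makes the re-added block in the second hunk safe is not recorded in the code: it reads `appctx->ctx.ssl.old_ckchs->path` and is only correct because it now sits below the `if (!appctx->ctx.ssl.old_ckchs)` error check, so a later reshuffle could bring back the same CLI-triggerable NULL dereference. I would extend the comment to say so, e.g. `/* new transaction: record its path; keep this below the old_ckchs NULL check, old_ckchs->path is read here */`. The block is also now gated on `!appctx->ctx.ssl.path` instead of the enclosing branch it was removed from in the first hunk, whose condition is not visible here, so it is worth confirming that the two conditions are equivalent. Whether the `end` label releases a path allocated here when a later step fails cannot be seen from these hunks either and should be checked. cli_parse_set_cert begins and ends outside both hunks.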