]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6a92b14) | patch
BUG/MINOR: ocsp: Crash when updating CA during ocsp updates
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Mon, 15 Sep 2025 13:32:40 +0000 (15:32 +0200)
committerWilliam Lallemand <wlallemand@haproxy.com>
Mon, 15 Sep 2025 13:34:36 +0000 (15:34 +0200)
commit257df69fbdcff5c1feb3b24a4cf6141f86984447
treea09d40b09b1d2b00ab6b121dc49360de55d35e2dtree
parent6a92b14cc171914b3ec1badcfa8966b935c9a9c1commit | diff
BUG/MINOR: ocsp: Crash when updating CA during ocsp updates

If an ocsp response is set to be updated automatically and some
certificate or CA updates are performed on the CLI, if the CLI update
happens while the OCSP response is being updated and is then detached
from the udapte tree, it might be wrongly inserted into the update tree
in 'ssl_sock_load_ocsp', and then reinserted when the update finishes.

The update tree then gets corrupted and we could end up crashing when
accessing other nodes in the ocsp response update tree.

This patch must be backported up to 2.8.
This patch fixes GitHub #3100.
include/haproxy/ssl_ocsp.h diff | blob | blame | history
src/ssl_ocsp.c diff | blob | blame | history
src/ssl_sock.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git