BUG/MEDIUM: ssl: fix ssl_bind_conf double free
authorWilliam Lallemand <wlallemand@haproxy.com>
Tue, 23 Jun 2020 09:02:17 +0000 (11:02 +0200)
committerWilliam Lallemand <wlallemand@haproxy.org>
Tue, 23 Jun 2020 18:06:55 +0000 (20:06 +0200)
Since commit 2954c47 ("MEDIUM: ssl: allow crt-list caching"), the
ssl_bind_conf is allocated directly in the crt-list, and the crt-list
can be shared between several bind_conf. The deinit() code wasn't
changed to handle that.

This patch fixes the issue by removing the free of the ssl_conf in
ssl_sock_free_all_ctx().

It should be completed with a patch that frees the ssl_conf and the
crt-list.

Fix issue #700.

include/haproxy/ssl_sock-t.h
src/ssl_sock.c

index d54469c9ea6d257212ed7859607adc291a9e5753..cc7a7aad6762457efc1f45795cf5bab50368ee27 100644 (file)
@@ -134,7 +134,7 @@ struct sni_ctx {
        unsigned int neg:1;       /* reject if match */
        unsigned int wild:1;      /* wildcard sni */
        struct pkey_info kinfo;   /* pkey info */
-       struct ssl_bind_conf *conf; /* ssl "bind" conf for the certificate */
+       struct ssl_bind_conf *conf; /* ptr to a crtlist's ssl_conf, must not be free from here */
        struct list by_ckch_inst; /* chained in ckch_inst's list of sni_ctx */
        struct ckch_inst *ckch_inst; /* instance used to create this sni_ctx */
        struct ebmb_node name;    /* node holding the servername value */
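Review bot: The new comment on `conf` in struct sni_ctx reads "must not be free from here" and does not say which object owns the allocation; wording such as `/* borrowed: points to the crt-list's ssl_conf, shared between bind_confs; never freed through sni_ctx */` would state the ownership rule. The commit message says the patch that frees the ssl_conf and the crt-list is still to come, so until it lands the configuration appears to stay allocated at deinit. When that free is written it has to run once per crt-list, and only after every sni_ctx pointing at it has been released, otherwise the double free becomes a dangling `conf` pointer. The loop in ssl_sock_free_all_ctx() (second hunk) would benefit from the same one-line reminder before `free(sni);` so that the removed free is not reintroduced. struct sni_ctx starts and ends outside the hunk.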
index 322613c375089ca6c29eebb87478b0400d3e7edb..715ae9d67219f5e4271bea02cad40dfec4b0a49c 100644 (file)
@@ -4763,11 +4763,6 @@ void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
                back = ebmb_next(node);
                ebmb_delete(node);
                SSL_CTX_free(sni->ctx);
-               if (!sni->order) { /* only free the CTX conf on its first occurrence */
-                       ssl_sock_free_ssl_conf(sni->conf);
-                       free(sni->conf);
-                       sni->conf = NULL;
-               }
                free(sni);
                node = back;
        }