BUG/MEDIUM: ssl: avoid double free when releasing bind_confs

ssl_sock functions don't mark pointers as NULL after freeing them. So
if a "bind" line specifies some SSL settings without the "ssl" keyword,
they will get freed at the end of check_config_validity(), then freed
a second time on exit. Simply mark the pointers as NULL to fix this.
This fix needs to be backported to 1.7 and 1.6.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index e9876f85922110e2fe5ad11ecab1672d2c7b1ec3..1c9b430c575e9fa7dfe1a9617a4bd22e02224eb3 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -8850,6 +8850,13 @@ out_uri_auth_compat:
                                LIST_DEL(&bind_conf->keys_ref->list);
                                free(bind_conf->keys_ref);
                        }
+                       bind_conf->keys_ref = NULL;
+                       bind_conf->crl_file = NULL;
+                       bind_conf->ecdhe = NULL;
+                       bind_conf->ciphers = NULL;
+                       bind_conf->ca_sign_pass = NULL;
+                       bind_conf->ca_sign_file = NULL;
+                       bind_conf->ca_file = NULL;
 #endif /* USE_OPENSSL */
                }
 

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b681d639e198e5c46e2e97ca8466d60dedfb2fa1..6739fbc9fa233623a6ed6166ae1370e87f5cd5fb 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3334,6 +3334,8 @@ ssl_sock_free_ca(struct bind_conf *bind_conf)
                EVP_PKEY_free(bind_conf->ca_sign_pkey);
        if (bind_conf->ca_sign_cert)
                X509_free(bind_conf->ca_sign_cert);
+       bind_conf->ca_sign_pkey = NULL;
+       bind_conf->ca_sign_cert = NULL;
 }
 
 /*