From: William Lallemand
Date: Thu, 10 Nov 2022 15:45:24 +0000 (+0100)
Subject: BUG/MINOR: ssl: bind_conf is uncorrectly accessed when using QUIC
X-Git-Tag: v2.7-dev9~109
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4639689d89db2d18c4afbbe68e688a2b26b14b57;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: bind_conf is uncorrectly accessed when using QUIC

Since commit 9b2598 ("BUG/MEDIUM: ssl: Verify error codes can exceed 63"), the ca_ignerr_bitfield and crt_ignerr_bitfield are incorrectly accessed from __objt_listener(conn->target)->bind_conf which is not available from QUIC. The bind_conf variable was mistakenly replaced.

This patch fixes the issue by using again the bind_conf variable.

Must be backported where 9b2598 was backported.
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 811b3d8ea1..8dba5010a2 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1778,7 +1778,7 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store) } if (err <= SSL_MAX_VFY_ERROR_CODE && - cert_ignerr_bitfield_get(__objt_listener(conn->target)->bind_conf->ca_ignerr_bitfield, err)) + cert_ignerr_bitfield_get(bind_conf->ca_ignerr_bitfield, err)) goto err_ignored; /* TODO: for QUIC connection, this error code is lost */ @@ -1792,7 +1792,7 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store) /* check if certificate error needs to be ignored */ if (err <= SSL_MAX_VFY_ERROR_CODE && - cert_ignerr_bitfield_get(__objt_listener(conn->target)->bind_conf->crt_ignerr_bitfield, err)) + cert_ignerr_bitfield_get(bind_conf->crt_ignerr_bitfield, err)) goto err_ignored; /* TODO: for QUIC connection, this error code is lost */
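Review bot: In the first hunk (the ca_ignerr_bitfield check at -1778), the corrected call depends on the local bind_conf being valid for both TCP and QUIC connections, but its assignment lies outside the visible context. This branch decides whether a CA verification error jumps to err_ignored, so please confirm bind_conf is always set before this point on the QUIC path, and add a short comment next to the check saying that the listener must not be reached through conn->target here, so a later cleanup does not bring back `__objt_listener(conn->target)->bind_conf`. The commit message would also be more useful for backport decisions if it stated what the old code did on a QUIC listener.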
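Review bot: The second hunk (the crt_ignerr_bitfield check at -1792) is a copy of the first with only the field name changed, and both copies picked up the same mistake in 9b2598. Consider moving `err <= SSL_MAX_VFY_ERROR_CODE && cert_ignerr_bitfield_get(...)` into one small helper that takes the bitfield and err, so the bound check and the source of bind_conf live in a single place. The unchanged context in both hunks still carries `/* TODO: for QUIC connection, this error code is lost */`; a regression test with a QUIC bind line that sets ca-ignore-err and crt-ignore-err would exercise this path, and that TODO deserves a tracking reference since it affects what can be reported about a failed client verification.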