From: Christopher Faulet Date: Tue, 31 May 2022 16:04:25 +0000 (+0200) Subject: BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified X-Git-Tag: v2.7-dev1~129 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=926fefca8dba3ca7aed3ef7fccf6aa5cffe3cf05;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified When a certificate entry is being modified, we must take care to no delete it because the corresponding ongoing transaction still references it. If we do so, it leads to a null-deref and a crash may be exeperienced if changes are commited. This patch must be backported as far as 2.2. --- diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c index def02657ae..0ed81d6d45 100644 --- a/src/ssl_ckch.c +++ b/src/ssl_ckch.c @@ -2502,6 +2502,11 @@ static int cli_parse_del_cert(char **args, char *payload, struct appctx *appctx, filename = args[3]; + if (ckchs_transaction.path && strcmp(ckchs_transaction.path, filename) == 0) { + memprintf(&err, "ongoing transaction for the certificate '%s'", filename); + goto error; + } + store = ckchs_lookup(filename); if (store == NULL) { memprintf(&err, "certificate '%s' doesn't exist!\n", filename);