From: William Lallemand Date: Wed, 24 Jun 2020 14:26:41 +0000 (+0200) Subject: BUG/MEDIUM: ssl/cli: 'commit ssl cert' crashes when no private key X-Git-Tag: v2.2-dev11~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a941952ae1dbae0b7d015ad29dcf877d1f74df0b;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: ssl/cli: 'commit ssl cert' crashes when no private key A crash was reported in issue #707 because the private key was not uploaded correctly with "set ssl cert". The bug is provoked by X509_check_private_key() being called when there is no private key, which can lead to a segfault. This patch adds a check and return an error is the private key is not present. This must be backported in 2.1. --- diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c index 537c7ea7d1..aa7361fbb4 100644 --- a/src/ssl_ckch.c +++ b/src/ssl_ckch.c @@ -1495,6 +1495,12 @@ static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appc int n; for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) { + /* if a certificate is here, a private key must be here too */ + if (ckchs_transaction.new_ckchs->ckch[n].cert && !ckchs_transaction.new_ckchs->ckch[n].key) { + memprintf(&err, "The transaction must contain at least a certificate and a private key!\n"); + goto error; + } + if (ckchs_transaction.new_ckchs->ckch[n].cert && !X509_check_private_key(ckchs_transaction.new_ckchs->ckch[n].cert, ckchs_transaction.new_ckchs->ckch[n].key)) { memprintf(&err, "inconsistencies between private key and certificate loaded '%s'.\n", ckchs_transaction.path); goto error; @@ -1503,6 +1509,12 @@ static int cli_parse_commit_cert(char **args, char *payload, struct appctx *appc } else #endif { + /* if a certificate is here, a private key must be here too */ + if (ckchs_transaction.new_ckchs->ckch->cert && !ckchs_transaction.new_ckchs->ckch->key) { + memprintf(&err, "The transaction must contain at least a certificate and a private key!\n"); + goto error; + } + if (!X509_check_private_key(ckchs_transaction.new_ckchs->ckch->cert, ckchs_transaction.new_ckchs->ckch->key)) { memprintf(&err, "inconsistencies between private key and certificate loaded '%s'.\n", ckchs_transaction.path); goto error;