From: William Lallemand <wlallemand@haproxy.com>
Date: Tue, 27 Feb 2024 16:22:15 +0000 (+0100)
Subject: BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist
X-Git-Tag: v3.0-dev5~55
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb7af8b2f169647286cfefe516c07d6d3a1fe156;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl/cli: duplicate cleaning code in cli_parse_del_crtlist

Since 23cab33 ("BUG/MINOR: ssl: Clear the ckch instance when deleting a
crt-list line"), LIST_DELETE is done twice, one time in
cli_parse_del_crtlist() and another time in ckch_inst_free().

It could trigger a crash with -DDEBUG_LIST.

This isn't a major problem since the ptr is not freed in the meantime so
it will only trigger with the debug.

This patch removes the LIST_DELETE as well as the loop done on link_ref
which is also don in ckch_inst_free()

Could be backported as far as 2.4. 2.4 version does not have a link_ref
loop.
---

diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index bebaccae04..1790c96ce6 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -1514,7 +1514,6 @@ static int cli_parse_del_crtlist(char **args, char *payload, struct appctx *appc
 
 	list_for_each_entry_safe(inst, inst_s, &entry->ckch_inst, by_crtlist_entry) {
 		struct sni_ctx *sni, *sni_s;
-		struct ckch_inst_link_ref *link_ref, *link_ref_s;
 
 		HA_RWLOCK_WRLOCK(SNI_LOCK, &inst->bind_conf->sni_lock);
 		list_for_each_entry_safe(sni, sni_s, &inst->sni_ctx, by_ckch_inst) {
@@ -1524,12 +1523,6 @@ static int cli_parse_del_crtlist(char **args, char *payload, struct appctx *appc
 			free(sni);
 		}
 		HA_RWLOCK_WRUNLOCK(SNI_LOCK, &inst->bind_conf->sni_lock);
-		LIST_DELETE(&inst->by_ckchs);
-		list_for_each_entry_safe(link_ref, link_ref_s, &inst->cafile_link_refs, list) {
-			LIST_DELETE(&link_ref->link->list);
-			LIST_DELETE(&link_ref->list);
-			free(link_ref);
-		}
 		ckch_inst_free(inst);
 	}