From: Pradeep Jindal
Date: Thu, 20 Aug 2015 12:55:17 +0000 (+0530)
Subject: BUG/MINOR: ssl: TLS Ticket Key rotation broken via socket command
X-Git-Tag: v1.6-dev4~61
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc79b003cb3863e3742cbbd60913a539be684873;p=thirdparty%2Fhaproxy.git
BUG/MINOR: ssl: TLS Ticket Key rotation broken via socket command
It seems haproxy was doing wrong pointer arithmetic to update the ticket ring correctly.
---
diff --git a/src/dumpstats.c b/src/dumpstats.c
index a779f4783d..b97318bebf 100644
--- a/src/dumpstats.c
+++ b/src/dumpstats.c
@@ -1933,8 +1933,8 @@ static int stats_sock_parse_request(struct stream_interface *si, char *line)
 return 1;
 }
- memcpy(appctx->ctx.tlskeys.ref->tlskeys + 2 % TLS_TICKETS_NO, trash.str, trash.len);
- appctx->ctx.tlskeys.ref->tls_ticket_enc_index = appctx->ctx.tlskeys.ref->tls_ticket_enc_index + 1 % TLS_TICKETS_NO;
+ memcpy(appctx->ctx.tlskeys.ref->tlskeys + ((appctx->ctx.tlskeys.ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO), trash.str, trash.len);
+ appctx->ctx.tlskeys.ref->tls_ticket_enc_index = (appctx->ctx.tlskeys.ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
 appctx->ctx.cli.msg = "TLS ticket key updated!";
 appctx->st0 = STAT_CLI_PRINT;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 2b91eedbe8..85ffd5fb77 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -500,8 +500,8 @@ int ssl_sock_update_tlskey(char *filename, struct chunk *tlskey, char **err) {
 return 1;
 }
- memcpy((char *) (ref->tlskeys + 2 % TLS_TICKETS_NO), tlskey->str, tlskey->len);
- ref->tls_ticket_enc_index = ref->tls_ticket_enc_index + 1 % TLS_TICKETS_NO;
+ memcpy((char *) (ref->tlskeys + ((ref->tls_ticket_enc_index + 2) % TLS_TICKETS_NO)), tlskey->str, tlskey->len);
+ ref->tls_ticket_enc_index = (ref->tls_ticket_enc_index + 1) % TLS_TICKETS_NO;
 return 0;
 }
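Review bot: The corrected memcpy in stats_sock_parse_request still takes its length from `trash.len`, so the write stays inside one ring slot only if the check that ends just above it (`return 1; }`) compares that length with the slot size. That check is outside the hunk, so this cannot be confirmed from here. Tying the length to the destination, for example `sizeof(*appctx->ctx.tlskeys.ref->tlskeys)` as the third argument, would keep the copy bounded even if the earlier guard is later changed. The same applies to `tlskey->len` in the src/ssl_sock.c hunk, where no length check is visible at all. The function starts and ends outside the hunk.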
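Review bot: The slot and index arithmetic in ssl_sock_update_tlskey is an open-coded copy of the two lines in src/dumpstats.c, and neither copy states the ring convention, which is presumably how the same precedence mistake ended up in both places. A comment above the memcpy would make the intent checkable, for example `/* new key goes into slot (enc_index + 2) % TLS_TICKETS_NO, then enc_index advances by one */`. It would also be worth having the CLI path call one shared routine that takes the ref and the key, so the rotation logic exists only once. The opening lines of the function are outside the hunk.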