From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Mon, 26 Jan 2026 10:22:18 +0000 (+0100)
Subject: BUG/MINOR: ssl: Properly manage alloc failures in SSL passphrase callback
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d2ccc19fde2ce9af5379d4ab796e5b1307efacca;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: Properly manage alloc failures in SSL passphrase callback

Some error paths in 'ssl_sock_passwd_cb' (allocation failures) did not
set the 'passphrase_idx' to -1 which is the way for the caller to know
not to call the callback again so in some memory contention contexts we
could end up calling the callback 'infinitely' (or until memory is
finally available).

This patch must be backported to 3.3.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index a81688309..3f25b93ce 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3832,13 +3832,16 @@ int ssl_sock_passwd_cb(char *buf, int size, int rwflag, void *userdata)
 	global_ssl.passphrase_cmd[1] = strdup(data->path);
 
 	if (!global_ssl.passphrase_cmd[1]) {
+		data->passphrase_idx = -1;
 		ha_alert("ssl_sock_passwd_cb: allocation failure\n");
 		return -1;
 	}
 
 	if (!passphrase_cache)
-		if (ssl_sock_create_passphrase_cache())
+		if (ssl_sock_create_passphrase_cache()) {
+			data->passphrase_idx = -1;
 			return -1;
+		}
 
 	/* Try all the already known passphrases first. */
 	if (data->passphrase_idx < passphrase_idx) {