From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Fri, 19 Jun 2015 16:57:30 +0000 (-0600)
Subject: Fixed segmentation fault when freeing https_port clientca on reconfigure
X-Git-Tag: merge-candidate-3-v1~76
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0f4e4e0d55779a5ca9ce6956f072bf51ffbca88;p=thirdparty%2Fsquid.git

Fixed segmentation fault when freeing https_port clientca on reconfigure
or exit.

AnyP::PortCfg::clientCA list was double-freed because the SSL context takes
ownership of the STACK_OF(X509_NAME) supplied via SSL_CTX_set_client_CA_list(),
but Squid was not aware of that. Squid now supplies a clone of clientCA.
---

diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index f5d0696ef2..e2ea36d74c 100644
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -925,7 +925,13 @@ configureSslContext(SSL_CTX *sslContext, AnyP::PortCfg &port)
 
     if (port.clientCA.get()) {
         ERR_clear_error();
-        SSL_CTX_set_client_CA_list(sslContext, port.clientCA.get());
+        if (STACK_OF(X509_NAME) *clientca = SSL_dup_CA_list(port.clientCA.get())) {
+            SSL_CTX_set_client_CA_list(sslContext, clientca);
+        } else {
+            ssl_error = ERR_get_error();
+            debugs(83, DBG_CRITICAL, "ERROR: Failed to dupe the client CA list: " << ERR_error_string(ssl_error, NULL));
+            return false;
+        }
 
         if (port.sslContextFlags & SSL_FLAG_DELAYED_AUTH) {
             debugs(83, 9, "Not requesting client certificates until acl processing requires one");