From: Willy Tarreau Date: Mon, 13 Feb 2017 10:12:29 +0000 (+0100) Subject: BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw() X-Git-Tag: v1.8-dev1~137 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e3cc3a302651e905209b96e07203d03cf7e46ccb;p=thirdparty%2Fhaproxy.git BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw() Commit 405ff31 ("BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL") introduced a regression causing some random crashes apparently due to memory corruption. The issue is the use of SSL_CTX_set_quiet_shutdown() instead of SSL_set_quiet_shutdown(), making it use a different structure and causing the flag to be put who-knows-where. Many thanks to Jarno Huuskonen who reported this bug early and who bisected the issue to spot this patch. No backport is needed, this is 1.8-specific. --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 232a4970f6..e7eb5df3a6 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -4177,7 +4177,7 @@ static void ssl_sock_shutw(struct connection *conn, int clean) return; if (!clean) /* don't sent notify on SSL_shutdown */ - SSL_CTX_set_quiet_shutdown(conn->xprt_ctx, 1); + SSL_set_quiet_shutdown(conn->xprt_ctx, 1); /* no handshake was in progress, try a clean ssl shutdown */ if (SSL_shutdown(conn->xprt_ctx) <= 0) { /* Clear openssl global errors stack */
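Review bot: the corrected call `SSL_set_quiet_shutdown(conn->xprt_ctx, 1);` in the `if (!clean)` branch still passes `conn->xprt_ctx` directly, and the fact that the removed `SSL_CTX_set_quiet_shutdown(conn->xprt_ctx, 1);` was accepted suggests that nothing at this call site lets the compiler tell an `SSL *` from an `SSL_CTX *`. Consider binding the pointer once to a typed local at the top of ssl_sock_shutw(), for example `SSL *ssl = conn->xprt_ctx;`, and using it for both this call and the `SSL_shutdown()` below, so that a repeat of this mix-up is diagnosed as an incompatible pointer type at build time instead of surfacing as random crashes. A minor point on the same line: the context comment `/* don't sent notify on SSL_shutdown */` should read "don't send".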