From: William Lallemand
Date: Wed, 23 Oct 2019 13:00:52 +0000 (+0200)
Subject: BUG/MINOR: ssl/cli: out of bounds when built without ocsp/sctl
X-Git-Tag: v2.1-dev3~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f29cdefccd899f7e98f21c971cb5f4257b72dce5;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl/cli: out of bounds when built without ocsp/sctl

Commit 541a534 ("BUG/MINOR: ssl/cli: fix build of SCTL and OCSP") introduced a bug in which we iterate outside the array durint a 'set ssl cert' if we didn't built with the ocsp or sctl.
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 151898c02c..0ef30c7719 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -9943,7 +9943,7 @@ struct {
 int type;
 int (*load)(const char *path, char *payload, struct cert_key_and_chain *ckch, char **err); /* add a parsing callback */
-} cert_exts[CERT_TYPE_MAX] = {
+} cert_exts[CERT_TYPE_MAX+1] = {
 [CERT_TYPE_PEM] = { "", CERT_TYPE_PEM, &ssl_sock_load_pem_into_ckch }, /* default mode, no extensions */
 #if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
 [CERT_TYPE_OCSP] = { "ocsp", CERT_TYPE_OCSP, &ssl_sock_load_ocsp_response_from_file },
@@ -9952,6 +9952,7 @@ struct {
 [CERT_TYPE_SCTL] = { "sctl", CERT_TYPE_SCTL, &ssl_sock_load_sctl_from_file },
 #endif
 [CERT_TYPE_ISSUER] = { "issuer", CERT_TYPE_ISSUER, &ssl_sock_load_issuer_file_into_ckch },
+ [CERT_TYPE_MAX] = { NULL, CERT_TYPE_MAX, NULL },
 };
 /* release function of the `set ssl cert' command, free things and unlock the spinlock */
@@ -10188,7 +10189,7 @@ static int cli_parse_set_cert(char **args, char *payload, struct appctx *appctx,
 }
 /* check which type of file we want to update */
- for (i = 0; i < CERT_TYPE_MAX; i++) {
+ for (i = 0; cert_exts[i].type < CERT_TYPE_MAX; i++) {
 end = strrchr(buf->area, '.');
 if (end && *cert_exts[i].ext && (!strcmp(end + 1, cert_exts[i].ext))) {
 *end = '\0';
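Review bot: Growing `cert_exts` to `CERT_TYPE_MAX+1` stops the read past the end, but the holes the `#if` guards leave in the table on a build without OCSP or SCTL are still walked: a designated initializer removed by the preprocessor leaves that slot zero-filled, so its `.type` is 0, which is below CERT_TYPE_MAX, and the loop in the third hunk then evaluates `*cert_exts[i].ext` on a NULL `.ext` for any file name containing a dot. On such builds that is a NULL dereference reachable from the `set ssl cert` CLI command, i.e. a crash of the process rather than an out-of-bounds read. The minimal change is to the condition in the third hunk, `if (end && cert_exts[i].ext && *cert_exts[i].ext && (!strcmp(end + 1, cert_exts[i].ext))) {`; the cleaner one is to drop the `[CERT_TYPE_x] =` designators so the table is dense and the first entry with `.type == CERT_TYPE_MAX` really is the sentinel.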
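Review bot: The new `[CERT_TYPE_MAX]` entry is a terminator that the lookup in `cli_parse_set_cert()` now depends on, but nothing at the definition says so, and an entry appended after it, or a value added after CERT_TYPE_MAX in the enum, would silently break the scan. I would add a trailing comment on that line: `/* sentinel: must stay last, cli_parse_set_cert() stops on .type == CERT_TYPE_MAX */`. The enum itself is not in this diff, so that CERT_TYPE_MAX is its last value is inferred from the array size.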
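Review bot: `end = strrchr(buf->area, '.');` inside the loop body is loop-invariant and is recomputed on every iteration of the new `for`, including the iterations that run when the name has no dot at all. Hoisting it above the loop, `end = strrchr(buf->area, '.');` then `for (i = 0; cert_exts[i].type < CERT_TYPE_MAX; i++) {` with `if (end && *cert_exts[i].ext && (!strcmp(end + 1, cert_exts[i].ext))) {` unchanged, reads more clearly and makes the single-scan intent explicit. `cli_parse_set_cert()` starts and ends outside this hunk, so the declaration of `end` and `i` is not visible here.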