]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 157852c) | patch
BUG/MINOR: ocsp: Crash when updating CA during ocsp updates
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Mon, 8 Sep 2025 13:44:23 +0000 (15:44 +0200)
committerChristopher Faulet <cfaulet@haproxy.com>
Mon, 15 Sep 2025 06:20:16 +0000 (08:20 +0200)
commit167ea8fc7b0cf9d1bf71ec03d7eac3141fbe0080
tree8169047deeeeb9fd6dc51da156e57afd43e417actree | snapshot
parent157852ce99ba6f142774f12a4d5b2f950a87b756commit | diff
BUG/MINOR: ocsp: Crash when updating CA during ocsp updates

If an ocsp response is set to be updated automatically and some
certificate or CA updates are performed on the CLI, if the CLI update
happens while the OCSP response is being updated and is then detached
from the udapte tree, it might be wrongly inserted into the update tree
in 'ssl_sock_load_ocsp', and then reinserted when the update finishes.

The update tree then gets corrupted and we could end up crashing when
accessing other nodes in the ocsp response update tree.

This patch must be backported up to 2.8.
This patch fixes GitHub #3100.
include/haproxy/ssl_ocsp.h diff | blob | blame | history
src/ssl_ocsp.c diff | blob | blame | history
src/ssl_sock.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git