git.ipfire.org Git - thirdparty/haproxy.git/commit
BUG/MEDIUM: ssl: Fix a UAF when old ckch instances are released
author: Christopher Faulet <cfaulet@haproxy.com>
Tue, 30 Aug 2022 14:27:49 +0000 (16:27 +0200)
committer: Christopher Faulet <cfaulet@haproxy.com>
Tue, 30 Aug 2022 14:27:51 +0000 (16:27 +0200)
commit: ddd480cbdc0d54b3426ce9b6dd68cd849747cb07
tree: dbc8b2b93936945bc423ed6d151d3fe14c5fcd08
parent: f611248d8cc00054c63e831e0dce9c8ad822a133

When old ckch instances are released at the end of "commit ssl ca-file" or
"commit ssl crl-file" commands, the link is released. But we walk through
the list using the unsafe macro. list_for_each_entry_safe() must be used.

This bug was introduced by commit 056ad01d5 ("BUG/MINOR: ssl: leak of
ckch_inst_link in ckch_inst_free()"). Thus this patch must be backported as
far as 2.5.
src/ssl_ckch.c
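
The difference between the two iteration macros named in the commit message, as an added example that is not code from this commit or from HAProxy. The list type, the macro names (FOR_EACH, FOR_EACH_SAFE) and struct link are simplified stand-ins assumed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified circular list; stand-in names, not HAProxy's own macros. */
struct list { struct list *n, *p; };
struct link { struct list list; };      /* hypothetical element type */
#define ELEM(ptr, type, member) ((type *)((char *)(ptr) - offsetof(type, member)))

/* Unsafe walk: the step reads item->member.n after the body has run, so a
 * body that frees 'item' makes the step dereference freed memory. */
#define FOR_EACH(item, head, type, member)                     \
    for (item = ELEM((head)->n, type, member);                 \
         &item->member != (head);                              \
         item = ELEM(item->member.n, type, member))

/* Safe walk: the successor is saved in 'back' before the body runs. */
#define FOR_EACH_SAFE(item, back, head, type, member)          \
    for (item = ELEM((head)->n, type, member),                 \
         back = ELEM(item->member.n, type, member);            \
         &item->member != (head);                              \
         item = back, back = ELEM(back->member.n, type, member))

static void list_init(struct list *h) { h->n = h->p = h; }
static void list_append(struct list *h, struct list *e)
{ e->p = h->p; e->n = h; h->p->n = e; h->p = e; }
static void list_delete(struct list *e) { e->n->p = e->p; e->p->n = e->n; }

/* Freeing elements during the walk requires the safe macro. */
static int release_all(struct list *head)
{
    struct link *l, *back; int freed = 0;
    FOR_EACH_SAFE(l, back, head, struct link, list) {
        list_delete(&l->list); free(l); freed++;
    }
    return freed;
}

/* Builds 'count' links (constructed input), releases them, returns how many were freed. */
int demo(int count)
{
    struct list head; struct link *l; int i, built = 0, freed;
    list_init(&head);
    for (i = 0; i < count; i++)
        if ((l = malloc(sizeof(*l)))) list_append(&head, &l->list);
    FOR_EACH(l, &head, struct link, list) built++;  /* read-only: unsafe walk is fine */
    freed = release_all(&head);
    return (freed == built && head.n == &head && head.p == &head) ? freed : -1;
}
```

Swapping FOR_EACH into release_all() reproduces the pattern the commit message describes: the loop step would read the `n` pointer of an element that the body has just freed.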