From 7df5c2dc3c32db8c844671fd22bd228816c001a2 Mon Sep 17 00:00:00 2001
From: William Lallemand
Date: Tue, 23 Jun 2020 11:02:17 +0200
Subject: [PATCH] BUG/MEDIUM: ssl: fix ssl_bind_conf double free

Since commit 2954c47 ("MEDIUM: ssl: allow crt-list caching"), the ssl_bind_conf is allocated directly in the crt-list, and the crt-list can be shared between several bind_conf. The deinit() code wasn't changed to handle that. This patch fixes the issue by removing the free of the ssl_conf in ssl_sock_free_all_ctx(). It should be completed with a patch that free the ssl_conf and the crt-list. Fix issue #700.
---
 include/haproxy/ssl_sock-t.h | 2 +-
 src/ssl_sock.c | 5 -----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/include/haproxy/ssl_sock-t.h b/include/haproxy/ssl_sock-t.h
index d54469c9ea..cc7a7aad67 100644
--- a/include/haproxy/ssl_sock-t.h
+++ b/include/haproxy/ssl_sock-t.h
@@ -134,7 +134,7 @@ struct sni_ctx {
 unsigned int neg:1; /* reject if match */
 unsigned int wild:1; /* wildcard sni */
 struct pkey_info kinfo; /* pkey info */
- struct ssl_bind_conf *conf; /* ssl "bind" conf for the certificate */
+ struct ssl_bind_conf *conf; /* ptr to a crtlist's ssl_conf, must not be free from here */
 struct list by_ckch_inst; /* chained in ckch_inst's list of sni_ctx */
 struct ckch_inst *ckch_inst; /* instance used to create this sni_ctx */
 struct ebmb_node name; /* node holding the servername value */
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 322613c375..715ae9d672 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4763,11 +4763,6 @@ void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
 back = ebmb_next(node);
 ebmb_delete(node);
 SSL_CTX_free(sni->ctx);
- if (!sni->order) { /* only free the CTX conf on its first occurrence */
- ssl_sock_free_ssl_conf(sni->conf);
- free(sni->conf);
- sni->conf = NULL;
- }
 free(sni);
 node = back;
 }
-- 
2.39.5
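Review bot: The new comment on `conf` in struct sni_ctx says what must not be done with the pointer but not who owns the object or how long it stays valid, and "must not be free" should read "must not be freed". Now that the field is a borrowed pointer into a crt-list that several bind_conf can share, the ownership rule is what keeps a later change from reintroducing a double free or leaving a dangling pointer, so it belongs in the field comment: `struct ssl_bind_conf *conf; /* borrowed: owned by the crt-list, which may be shared by several bind_conf; never freed through sni_ctx */`. Presumably the crt-list also has to outlive every sni_ctx that points into it; if that holds, state it there as well. The struct definition starts and ends outside the hunk.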