Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 05bf68bd118887d043f45eddafd7ee8e6b3d4090
commit05bf68bd118887d043f45eddafd7ee8e6b3d4090[log] [tgz]
authorWilliam Lallemand <wlallemand@haproxy.com>Mon Oct 30 18:08:16 2023 +0100
committerChristopher Faulet <cfaulet@haproxy.com>Wed Dec 13 18:02:59 2023 +0100
tree14618bddece54d5f4ec95943b8e254101bd4bf6b
parent539bfaa9dd7bc25a15e4fcdbc23b63a514212d64 [diff]
BUG/MEDIUM: ssl: segfault when cipher is NULL

The patch which fixes the certificate selection uses
SSL_CIPHER_get_id() to skip the SCSV ciphers without checking if cipher
is NULL. This patch fixes the issue by skipping any NULL cipher in the
iteration.

Problem was reported in #2329.

Need to be backported where 23093c72f139eddfce68ea5580193ee131901591 was
backported. No release was made with this patch so the severity is
MEDIUM.

(cherry picked from commit e7bae7a0b620485407a34018709e9a1ad865e7a5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 40ff02bdf849abaa85a9f30fd0382ebeca3de4d0)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit bf76cfec51a458ee400c022aef830737afc647c1)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit e37b5e8029761cbe711f6a31dba4693647b4a8ef)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
1 file changed
tree: 14618bddece54d5f4ec95943b8e254101bd4bf6b
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .travis.yml
  16. BRANCHES
  17. CHANGELOG
  18. CONTRIBUTING
  19. INSTALL
  20. LICENSE
  21. MAINTAINERS
  22. Makefile
  23. README
  24. ROADMAP
  25. SUBVERS
  26. VERDATE
  27. VERSION