BUG/MEDIUM: ssl: segfault when cipher is NULL
The patch which fixes the certificate selection uses
SSL_CIPHER_get_id() to skip the SCSV ciphers without checking if cipher
is NULL. This patch fixes the issue by skipping any NULL cipher in the
iteration.
Problem was reported in #2329.
Need to be backported where 23093c72f139eddfce68ea5580193ee131901591 was
backported. No release was made with this patch so the severity is
MEDIUM.
(cherry picked from commit e7bae7a0b620485407a34018709e9a1ad865e7a5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 40ff02bdf849abaa85a9f30fd0382ebeca3de4d0)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit bf76cfec51a458ee400c022aef830737afc647c1)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit e37b5e8029761cbe711f6a31dba4693647b4a8ef)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 49ef862..72c67db 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2479,13 +2479,16 @@
#else
cipher = SSL_CIPHER_find(ssl, cipher_suites);
#endif
+ if (!cipher)
+ continue;
+
cipher_id = SSL_CIPHER_get_id(cipher);
/* skip the SCSV "fake" signaling ciphersuites because they are NID_auth_any (RFC 7507) */
if (cipher_id == SSL3_CK_SCSV || cipher_id == SSL3_CK_FALLBACK_SCSV)
continue;
- if (cipher && ( SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa
- || SSL_CIPHER_get_auth_nid(cipher) == NID_auth_any)) {
+ if (SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa
+ || SSL_CIPHER_get_auth_nid(cipher) == NID_auth_any) {
has_ecdsa_sig = 1;
break;
}