BUG/MEDIUM: ssl/cli: fix dot research in cli_parse_set_cert
During a 'set ssl cert', the result of strrchr() was wrongly tested,
which can lead to a segfault when the certificate path does not contain a
dot.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index aaa8652..c62133d 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -10260,13 +10260,13 @@
/* if the ongoing transaction is a bundle, we need to find which part of the bundle need to be updated */
#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
if (ckchs_transaction.new_ckchs->multi) {
- char *end = NULL;
+ char *end;
int j;
/* check if it was used in a bundle by removing the
* .dsa/.rsa/.ecdsa at the end of the filename */
end = strrchr(buf->area, '.');
- for (j = 0; *end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
+ for (j = 0; end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
bundle = j; /* keep the type of certificate so we insert it at the right place */
*end = '\0'; /* it's a bundle let's end the string*/
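Review bot: The NULL test on `end` now sits in the `for` condition, where it is re-evaluated on every iteration even though none of the visible lines reassign `end` to another location. A guard ahead of the loop, `if (end) {` around `for (j = 0; j < SSL_SOCK_NUM_KEYTYPES; j++) {`, would make the "path has no dot" case explicit. A short comment such as `/* strrchr() returns NULL when the path has no '.': nothing to strip */` would record why the check exists, since the path appears to come from CLI input. The same block is repeated verbatim in the hunk at -10314, which is how the faulty `*end` test ended up in two places; a small static helper returning the bundle index would keep the copies from diverging. The enclosing function starts and ends outside both hunks, so this is based only on the lines shown.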
@@ -10314,13 +10314,13 @@
}
#if HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL
{
- char *end = NULL;
+ char *end;
int j;
/* check if it was used in a bundle by removing the
* .dsa/.rsa/.ecdsa at the end of the filename */
end = strrchr(buf->area, '.');
- for (j = 0; *end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
+ for (j = 0; end && j < SSL_SOCK_NUM_KEYTYPES; j++) {
if (!strcmp(end + 1, SSL_SOCK_KEYTYPE_NAMES[j])) {
bundle = j; /* keep the type of certificate so we insert it at the right place */
*end = '\0'; /* it's a bundle let's end the string*/