BUG/MAJOR: ssl: segfault upon an heartbeat request 7b5fd1e ("MEDIUM: connections: Move some fields from struct connection to ssl_sock_ctx.") introduced a bug in the heartbleed mitigation code. Indeed the code used conn->ctx instead of conn->xprt_ctx for the ssl context, resulting in a null dereference.

commit: 7e1770b1516febc8d18c2dad3816e5b344f8d2df [log] [tgz]
author: William Lallemand <wlallemand@haproxy.com> Mon May 13 14:31:34 2019 +0200
committer: William Lallemand <wlallemand@haproxy.org> Mon May 13 16:03:44 2019 +0200
tree: e46e09b979f3407e9d460bf89343a1c426e0416d
parent: a6cc7e872a0cbdee274dcba108eb7a8019721145 [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 1a579f5..651afa3 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -1735,7 +1735,7 @@
 	   for a received record) */
 	if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
 		struct connection *conn = SSL_get_ex_data(ssl, ssl_app_data_index);
-		struct ssl_sock_ctx *ctx = conn->ctx;
+		struct ssl_sock_ctx *ctx = conn->xprt_ctx;
 		const unsigned char *p = buf;
 		unsigned int payload;
commit	7e1770b1516febc8d18c2dad3816e5b344f8d2df	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.com>	Mon May 13 14:31:34 2019 +0200
committer	William Lallemand <wlallemand@haproxy.org>	Mon May 13 16:03:44 2019 +0200
tree	e46e09b979f3407e9d460bf89343a1c426e0416d
parent	a6cc7e872a0cbdee274dcba108eb7a8019721145 [diff]