BUG/MEDIUM: ssl/cli: don't alloc path when cert not found
When doing an 'ssl set cert' with a certificate which does not exist in
the configuration, appctx->ctx.ssl.old_ckchs->path was duplicated while
appctx->ctx.ssl.old_ckchs was NULL, resulting in a NULL dereference.
Move the code so that the 'not referenced' error is raised before the path is duplicated.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index c62133d..98b3ad8 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -10342,15 +10342,6 @@
}
appctx->ctx.ssl.old_ckchs = find_ckchs[0] ? find_ckchs[0] : find_ckchs[1];
-
- /* this is a new transaction, set the path of the transaction */
- appctx->ctx.ssl.path = strdup(appctx->ctx.ssl.old_ckchs->path);
- if (!appctx->ctx.ssl.path) {
- memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
- errcode |= ERR_ALERT | ERR_FATAL;
- goto end;
- }
-
}
if (!appctx->ctx.ssl.old_ckchs) {
@@ -10360,6 +10351,15 @@
goto end;
}
+ if (!appctx->ctx.ssl.path) {
+ /* this is a new transaction, set the path of the transaction */
+ appctx->ctx.ssl.path = strdup(appctx->ctx.ssl.old_ckchs->path);
+ if (!appctx->ctx.ssl.path) {
+ memprintf(&err, "%sCan't allocate memory\n", err ? err : "");
+ errcode |= ERR_ALERT | ERR_FATAL;
+ goto end;
+ }
+ }
old_ckchs = appctx->ctx.ssl.old_ckchs;
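Review bot: The relocated `strdup(appctx->ctx.ssl.old_ckchs->path)` is only safe because it now sits after the `if (!appctx->ctx.ssl.old_ckchs)` check that jumps to `end`, and nothing in the block records that ordering requirement. Since this commit fixes a NULL dereference caused by exactly that ordering, the comment inside the new `if (!appctx->ctx.ssl.path)` block should state it, e.g. `/* new transaction: old_ckchs was checked non-NULL above, keep this block after that check */`. The hunk does not show whether `old_ckchs->path` itself can be NULL or what the `end` label releases on the allocation-failure path, so both are worth confirming in the rest of the function. The enclosing function starts and ends outside the hunk.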