BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified When a certificate entry is being modified, we must take care to no delete it because the corresponding ongoing transaction still references it. If we do so, it leads to a null-deref and a crash may be exeperienced if changes are commited. This patch must be backported as far as 2.2.

commit: 926fefca8dba3ca7aed3ef7fccf6aa5cffe3cf05 [log] [tgz]
author: Christopher Faulet <cfaulet@haproxy.com> Tue May 31 18:04:25 2022 +0200
committer: Christopher Faulet <cfaulet@haproxy.com> Wed Jun 01 16:28:15 2022 +0200
tree: a670241d7928ebf142e0b2760f8c4033ba1c52ed
parent: 4329dcc2fcc44cfa0cc10a64c12f3f89ec118ae3 [diff]
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index def0265..0ed81d6 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c

@@ -2502,6 +2502,11 @@
 
 	filename = args[3];
 
+	if (ckchs_transaction.path && strcmp(ckchs_transaction.path, filename) == 0) {
+		memprintf(&err, "ongoing transaction for the certificate '%s'", filename);
+		goto error;
+	}
+
 	store = ckchs_lookup(filename);
 	if (store == NULL) {
 		memprintf(&err, "certificate '%s' doesn't exist!\n", filename);
commit	926fefca8dba3ca7aed3ef7fccf6aa5cffe3cf05	[log] [tgz]
author	Christopher Faulet <cfaulet@haproxy.com>	Tue May 31 18:04:25 2022 +0200
committer	Christopher Faulet <cfaulet@haproxy.com>	Wed Jun 01 16:28:15 2022 +0200
tree	a670241d7928ebf142e0b2760f8c4033ba1c52ed
parent	4329dcc2fcc44cfa0cc10a64c12f3f89ec118ae3 [diff]