BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list
The crash occures when the same certificate which is used on both a
server line and a bind line is inserted in a crt-list over the CLI.
This is quite uncommon as using the same file for a client and a server
certificate does not make sense in a lot of environments.
This patch fixes the issue by skipping the insertion of the SNI when no
bind_conf is available in the ckch_inst.
Change the reg-test to reproduce this corner case.
Should fix issue #1748.
Must be backported as far as 2.2. (it was previously in ssl_sock.c)
diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index 8aa4eae..a8cd240 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -1138,8 +1138,15 @@
ctx->state = ADDCRT_ST_INSERT;
/* fallthrough */
case ADDCRT_ST_INSERT:
- /* insert SNIs in bind_conf */
+ /* the insertion is called for every instance of the store, not
+ * only the one we generated.
+ * But the ssl_sock_load_cert_sni() skip the sni already
+ * inserted. Not every instance has a bind_conf, it could be
+ * the store of a server so we should be careful */
+
list_for_each_entry(new_inst, &store->ckch_inst, by_ckchs) {
+ if (!new_inst->bind_conf) /* this is a server instance */
+ continue;
HA_RWLOCK_WRLOCK(SNI_LOCK, &new_inst->bind_conf->sni_lock);
ssl_sock_load_cert_sni(new_inst, new_inst->bind_conf);
HA_RWLOCK_WRUNLOCK(SNI_LOCK, &new_inst->bind_conf->sni_lock);