Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / ddd480cbdc0d54b3426ce9b6dd68cd849747cb07
commitddd480cbdc0d54b3426ce9b6dd68cd849747cb07[log] [tgz]
authorChristopher Faulet <cfaulet@haproxy.com>Tue Aug 30 16:27:49 2022 +0200
committerChristopher Faulet <cfaulet@haproxy.com>Tue Aug 30 16:27:51 2022 +0200
treedbc8b2b93936945bc423ed6d151d3fe14c5fcd08
parentf611248d8cc00054c63e831e0dce9c8ad822a133 [diff]
BUG/MEDIUM: ssl: Fix a UAF when old ckch instances are released

When old chck instances is released at the end of "commit ssl ca-file" or
"commit ssl crl-file" commands, the link is released. But we walk through
the list using the unsafe macro. list_for_each_entry_safe() must be used.

This bug was introduced by commit 056ad01d5 ("BUG/MINOR: ssl: leak of
ckch_inst_link in ckch_inst_free()"). Thus this patch must be backported as
far as 2.5.
1 file changed
tree: dbc8b2b93936945bc423ed6d151d3fe14c5fcd08
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .mailmap
  16. .travis.yml
  17. BRANCHES
  18. CHANGELOG
  19. CONTRIBUTING
  20. INSTALL
  21. LICENSE
  22. MAINTAINERS
  23. Makefile
  24. README
  25. SUBVERS
  26. VERDATE
  27. VERSION