commit f29cdefccd899f7e98f21c971cb5f4257b72dce5
author William Lallemand <wlallemand@haproxy.com> Wed Oct 23 15:00:52 2019 +0200
committer William Lallemand <wlallemand@haproxy.org> Wed Oct 23 15:05:00 2019 +0200
tree 5eb203a0843a0b71dcf8a5bad12e4d008a8a2517
parent 541a534c9f64c505380b936ff15ce91a8179dfa0

BUG/MINOR: ssl/cli: out of bounds when built without ocsp/sctl

Commit 541a534 ("BUG/MINOR: ssl/cli: fix build of SCTL and OCSP")
introduced a bug in which we iterate outside the array durint a 'set ssl
cert' if we didn't built with the ocsp or sctl.

src/ssl_sock.c

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 151898c..0ef30c7 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -9943,7 +9943,7 @@
 	int type;
 	int (*load)(const char *path, char *payload, struct cert_key_and_chain *ckch, char **err);
 	/* add a parsing callback */
-} cert_exts[CERT_TYPE_MAX] = {
+} cert_exts[CERT_TYPE_MAX+1] = {
 	[CERT_TYPE_PEM]    = { "",        CERT_TYPE_PEM,      &ssl_sock_load_pem_into_ckch }, /* default mode, no extensions */
 #if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) || defined OPENSSL_IS_BORINGSSL)
 	[CERT_TYPE_OCSP]   = { "ocsp",    CERT_TYPE_OCSP,     &ssl_sock_load_ocsp_response_from_file },
@@ -9952,6 +9952,7 @@
 	[CERT_TYPE_SCTL]   = { "sctl",    CERT_TYPE_SCTL,     &ssl_sock_load_sctl_from_file },
 #endif
 	[CERT_TYPE_ISSUER] = { "issuer",  CERT_TYPE_ISSUER,   &ssl_sock_load_issuer_file_into_ckch },
+	[CERT_TYPE_MAX]    = { NULL,      CERT_TYPE_MAX,      NULL },
 };
 
 /* release function of the  `set ssl cert' command, free things and unlock the spinlock */
@@ -10188,7 +10189,7 @@
 	}
 
 	/* check which type of file we want to update */
-	for (i = 0; i < CERT_TYPE_MAX; i++) {
+	for (i = 0; cert_exts[i].type < CERT_TYPE_MAX; i++) {
 		end = strrchr(buf->area, '.');
 		if (end && *cert_exts[i].ext && (!strcmp(end + 1, cert_exts[i].ext))) {
 			*end = '\0';