Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / f45355ee5ddae53efd8d785c59eab2a491d65a56
commitf45355ee5ddae53efd8d785c59eab2a491d65a56[log] [tgz]
authorValentine Krasnobaeva <vkrasnobaeva@haproxy.com>Mon Jul 15 14:57:05 2024 +0200
committerWilly Tarreau <w@1wt.eu>Mon Jul 29 14:55:00 2024 +0200
tree5a99199003b0bfd54163d9a76af5d2b136d2c434
parentdee5920e34cf1f1915409cef5ae78bee097abf12 [diff]
BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path

We could run under heavy load in containers or on premises and some automatic
tool in parallel could use CLI to check OCSP updates statuses or to upload new
OCSP responses. So, calloc() to store OCSP update callback arguments may fail
and ocsp_tree_lock need to be unlocked, when exiting due to this failure.

This needs to be backported in all stable versions until v2.4.0 included.

(cherry picked from commit 9371c28c28311f34d03c6e44bbeaf2214a1bec44)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 47852a2c86efc29c56946f82d3196bd823550950)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 48292d62a086c0d4e595130a2f32599f91541805)
Signed-off-by: Willy Tarreau <w@1wt.eu>
1 file changed
tree: 5a99199003b0bfd54163d9a76af5d2b136d2c434
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .mailmap
  16. .travis.yml
  17. BRANCHES
  18. BSDmakefile
  19. CHANGELOG
  20. CONTRIBUTING
  21. INSTALL
  22. LICENSE
  23. MAINTAINERS
  24. Makefile
  25. README
  26. SUBVERS
  27. VERDATE
  28. VERSION