mirror/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git synced 2026-02-03 23:03:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: ssl: Properly manage alloc failures in SSL passphrase callback

Browse Source 
Some error paths in 'ssl_sock_passwd_cb' (allocation failures) did not
set the 'passphrase_idx' to -1 which is the way for the caller to know
not to call the callback again so in some memory contention contexts we
could end up calling the callback 'infinitely' (or until memory is
finally available).

This patch must be backported to 3.3.
This commit is contained in:
Remi Tricot-Le Breton
2026-01-26 11:22:18 +01:00
committed by William Lallemand
parent f4cd1e74ba
commit d2ccc19fde
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/ssl_sock.c
View File

@@ -3832,13 +3832,16 @@ int ssl_sock_passwd_cb(char *buf, int size, int rwflag, void *userdata)
global_ssl.passphrase_cmd[1] = strdup(data->path);
if (!global_ssl.passphrase_cmd[1]) {
data->passphrase_idx = -1;
ha_alert("ssl_sock_passwd_cb: allocation failure\n");
return -1;
}
if (!passphrase_cache)
if (ssl_sock_create_passphrase_cache())
if (ssl_sock_create_passphrase_cache()) {
data->passphrase_idx = -1;
return -1;
}
/* Try all the already known passphrases first. */
if (data->passphrase_idx < passphrase_idx) {