projects / haproxy-3.0.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 47ed118) | patch
BUG/MEDIUM: ssl: segfault when cipher is NULL
authorWilliam Lallemand <wlallemand@haproxy.com>
Mon, 30 Oct 2023 17:08:16 +0000 (18:08 +0100)
committerWilliam Lallemand <wlallemand@haproxy.com>
Mon, 30 Oct 2023 17:08:16 +0000 (18:08 +0100)
commite7bae7a0b620485407a34018709e9a1ad865e7a5
treef4afd65bb7330f303a62793cdb5864c72880bc70tree | snapshot
parent47ed1181f29a56ccb04e5b80ef4f9414466ada7acommit | diff
BUG/MEDIUM: ssl: segfault when cipher is NULL

The patch which fixes the certificate selection uses
SSL_CIPHER_get_id() to skip the SCSV ciphers without checking if cipher
is NULL. This patch fixes the issue by skipping any NULL cipher in the
iteration.

Problem was reported in #2329.

Need to be backported where 23093c72f139eddfce68ea5580193ee131901591 was
backported. No release was made with this patch so the severity is
MEDIUM.
src/ssl_sock.c diff | blob | history
haproxy-3.0 public tree. Stable production code.