From: Willy Tarreau
Date: Wed, 4 May 2022 14:01:24 +0000 (+0200)
Subject: BUG/MINOR: ssl/cli: fix "show ssl crl-file" not to mix cli+ssl contexts
X-Git-Tag: v2.6-dev9~77
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=4cf3ef8007f51e91af599e8450ab224101c79ae3;p=haproxy-3.0.git
BUG/MINOR: ssl/cli: fix "show ssl crl-file" not to mix cli+ssl contexts
The "show ssl crl-file" command mixes some generic pointers from the "ctx.cli" struct with context-specific ones from "ctx.ssl" while both are in a union. It's fortunate that the p1 pointer in use is located before the first one used (it overlaps with old_cafile_entry). But should these fields be reordered or slightly updated this will break. This needs to be backported to 2.5.
---
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 81de807..cb0ed5f 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -3603,7 +3603,7 @@ end:
 }
 /* IO handler of details "show ssl crl-file ".
- * It uses ctx.ssl.cur_cafile_entry, ctx.cli.p1, ctx.cli.i1, and
+ * It uses ctx.ssl.cur_cafile_entry, ctx.ssl.index, and
 * the global crlfile_transaction.new_cafile_entry in read-only.
 */
 static int cli_io_handler_show_crlfile_detail(struct appctx *appctx)
@@ -3615,7 +3615,7 @@ static int cli_io_handler_show_crlfile_detail(struct appctx *appctx)
 X509_CRL *crl;
 STACK_OF(X509_OBJECT) *objs;
 int retval = 0;
- long index = (long)appctx->ctx.cli.p1;
+ int index = appctx->ctx.ssl.index;
 if (!out)
 goto end_no_putchk;
@@ -3669,7 +3669,7 @@ yield:
 }
 /* parsing function for 'show ssl crl-file [crlfile[:index]]'.
- * It sets ctx.ssl.cur_cafile_entry, ctx.cli.p1, and the global
+ * It sets ctx.ssl.cur_cafile_entry, ctx.ssl.index, and the global
 * cafile_transaction.new_crlfile_entry under the ckch_lock.
 */
 static int cli_parse_show_crlfile(char **args, char *payload, struct appctx *appctx, void *private)
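Review bot: The two header comments this commit edits name the global transaction differently: the one above cli_io_handler_show_crlfile_detail (first hunk) says `crlfile_transaction.new_cafile_entry`, while the one above cli_parse_show_crlfile (third hunk) says `cafile_transaction.new_crlfile_entry`. Both spellings sit on unchanged context lines, but since the comments are being corrected anyway they should be aligned with the real declaration, which is not visible in this diff. Both function bodies continue outside their hunks.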
@@ -3721,7 +3721,7 @@ static int cli_parse_show_crlfile(char **args, char *payload, struct appctx *app
 }
 appctx->ctx.ssl.cur_cafile_entry = cafile_entry;
- appctx->ctx.cli.p1 = (void*)index;
+ appctx->ctx.ssl.index = index;
 /* use the IO handler that shows details */
 appctx->io_handler = cli_io_handler_show_crlfile_detail;
 }
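Review bot: The new store `appctx->ctx.ssl.index = index;` may narrow implicitly. The removed `(void*)index` cast and the removed `(long)` read-back in the second hunk suggest `index` is a `long` in cli_parse_show_crlfile, while the handler now reads the field into an `int`. If so, a CLI-supplied index above INT_MAX would be converted with an implementation-defined result and could select a different CRL entry than the one requested, instead of being rejected. The declaration and parsing of `index` are outside this hunk, so this needs confirming there. Rejecting `index > INT_MAX` on the function's existing error path before the store, or declaring `index` as `int`, would make the conversion explicit.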