From: William Lallemand Date: Thu, 30 Dec 2021 13:45:19 +0000 (+0100) Subject: BUG/MEDIUM: ssl: free the ckch instance linked to a server X-Git-Tag: v2.5.1~12 X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=89151b7c981c55dd8413fe16e42f8236a3bfb9cd;p=haproxy-2.5.git BUG/MEDIUM: ssl: free the ckch instance linked to a server This patch unlinks and frees the ckch instance linked to a server during the free of this server. This could have locked certificates in a "Used" state when removing servers dynamically from the CLI. And could provoke a segfault once we try to dynamically update the certificate after that. This must be backported as far as 2.4. (cherry picked from commit e69563fd8ed1a492ae4547451935908c0802e2c4) Signed-off-by: Willy Tarreau --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 953c5ca..5305864 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -5224,6 +5224,8 @@ void ssl_sock_free_srv_ctx(struct server *srv) #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES ha_free(&srv->ssl_ctx.ciphersuites); #endif + /* If there is a certificate we must unlink the ckch instance */ + ckch_inst_free(srv->ssl_ctx.inst); } /* Walks down the two trees in bind_conf and frees all the certs. The pointer may
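Review bot: the comment "If there is a certificate we must unlink the ckch instance" announces a condition, but the added call `ckch_inst_free(srv->ssl_ctx.inst);` in `ssl_sock_free_srv_ctx()` runs unconditionally, so either the hunk should guard it (`if (srv->ssl_ctx.inst)`) or the comment should state that `ckch_inst_free()` accepts a NULL instance, since nothing in the visible lines shows that it does. It would also help to reset `srv->ssl_ctx.inst = NULL;` after the free, following the `ha_free(&srv->ssl_ctx.ciphersuites)` pattern two lines above, so that any later free path on this server cannot reach a dangling pointer; the commit message's segfault on dynamic certificate update after a server is removed is exactly the kind of stale-reference problem such a reset protects against.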