BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp()

Check the return value of the calloc() in ssl_sock_load_ocsp(); if the
allocation fails, the unchecked pointer could lead to a NULL dereference.

This was introduced by commit be2774d ("MEDIUM: ssl: Added support for
Multi-Cert OCSP Stapling").

Could be backported as far as 1.7.
William Lallemand 2020-07-31 11:43:20 +02:00 committed by William Lallemand
parent 6b79f38a7a
commit a560c06af7


@ -1342,9 +1342,13 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckc
SSL_CTX_get_tlsext_status_cb(ctx, &callback);
if (!callback) {
struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
struct ocsp_cbk_arg *cb_arg;
EVP_PKEY *pkey;
cb_arg = calloc(1, sizeof(*cb_arg));
if (!cb_arg)
goto out;
cb_arg->is_single = 1;
cb_arg->s_ocsp = iocsp;
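Review bot: The new `if (!cb_arg) goto out;` path depends on state this hunk does not show: the status returned at `out` must still signal failure at this point, and whatever `iocsp` refers to must be released or stay valid there, since it is only attached to `cb_arg->s_ocsp` after the check. ssl_sock_load_ocsp() begins and ends outside the hunk, so neither can be confirmed from the lines shown. A one-line comment on the check would make the contract explicit, for example `/* out of memory: bail out with the error status, no status callback is installed */`, provided that matches what the `out` label actually does. The failure is also silent here, so if the function's other error paths report a reason, this one should do the same.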