gamzinav/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUG/MINOR: ssl: Fix fd leak on error path when a TLS ticket keys file is parsed

Browse Source 
When an error occurred in the function bind_parse_tls_ticket_keys(), during the
configuration parsing, the opened file is not always closed. To fix the bug, all
errors are catched at the same place, where all ressources are released.

This patch fixes the bug #325. It must be backported as far as 1.7.
This commit is contained in:
Christopher Faulet 2019-10-21 09:55:49 +02:00
parent f7f488d8e9
commit e566f3db11
1 changed files with 22 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
src/ssl_sock.c
View File

@ -8488,15 +8488,15 @@ static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, str
static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
{
#if (defined SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB && TLS_TICKETS_NO > 0)
FILE *f;
FILE *f = NULL;
int i = 0;
char thisline[LINESIZE];
struct tls_keys_ref *keys_ref;
struct tls_keys_ref *keys_ref = NULL;
if (!*args[cur_arg + 1]) {
if (err)
memprintf(err, "'%s' : missing TLS ticket keys file path", args[cur_arg]);
return ERR_ALERT | ERR_FATAL;
goto fail;
}
keys_ref = tlskeys_ref_lookup(args[cur_arg + 1]);
@ -8506,36 +8506,31 @@ static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px
return 0;
}
keys_ref = malloc(sizeof(*keys_ref));
keys_ref = calloc(1, sizeof(*keys_ref));
if (!keys_ref) {
if (err)
memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
return ERR_ALERT | ERR_FATAL;
goto fail;
}
keys_ref->tlskeys = malloc(TLS_TICKETS_NO * sizeof(union tls_sess_key));
if (!keys_ref->tlskeys) {
free(keys_ref);
if (err)
memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
return ERR_ALERT | ERR_FATAL;
goto fail;
}
if ((f = fopen(args[cur_arg + 1], "r")) == NULL) {
free(keys_ref->tlskeys);
free(keys_ref);
if (err)
memprintf(err, "'%s' : unable to load ssl tickets keys file", args[cur_arg+1]);
return ERR_ALERT | ERR_FATAL;
goto fail;
}
keys_ref->filename = strdup(args[cur_arg + 1]);
if (!keys_ref->filename) {
free(keys_ref->tlskeys);
free(keys_ref);
if (err)
memprintf(err, "'%s' : allocation error", args[cur_arg+1]);
return ERR_ALERT | ERR_FATAL;
goto fail;
}
keys_ref->key_size_bits = 0;
@ -8552,13 +8547,9 @@ static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px
dec_size = base64dec(thisline, len, (char *) (keys_ref->tlskeys + i % TLS_TICKETS_NO), sizeof(union tls_sess_key));
if (dec_size < 0) {
free(keys_ref->filename);
free(keys_ref->tlskeys);
free(keys_ref);
if (err)
memprintf(err, "'%s' : unable to decode base64 key on line %d", args[cur_arg+1], i + 1);
fclose(f);
return ERR_ALERT | ERR_FATAL;
goto fail;
}
else if (!keys_ref->key_size_bits && (dec_size == sizeof(struct tls_sess_key_128))) {
keys_ref->key_size_bits = 128;
@ -8569,25 +8560,17 @@ static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px
else if (((dec_size != sizeof(struct tls_sess_key_128)) && (dec_size != sizeof(struct tls_sess_key_256)))
|| ((dec_size == sizeof(struct tls_sess_key_128) && (keys_ref->key_size_bits != 128)))
|| ((dec_size == sizeof(struct tls_sess_key_256) && (keys_ref->key_size_bits != 256)))) {
free(keys_ref->filename);
free(keys_ref->tlskeys);
free(keys_ref);
if (err)
memprintf(err, "'%s' : wrong sized key on line %d", args[cur_arg+1], i + 1);
fclose(f);
return ERR_ALERT | ERR_FATAL;
goto fail;
}
i++;
}
if (i < TLS_TICKETS_NO) {
free(keys_ref->filename);
free(keys_ref->tlskeys);
free(keys_ref);
if (err)
memprintf(err, "'%s' : please supply at least %d keys in the tls-tickets-file", args[cur_arg+1], TLS_TICKETS_NO);
fclose(f);
return ERR_ALERT | ERR_FATAL;
goto fail;
}
fclose(f);
@ -8603,6 +8586,17 @@ static int bind_parse_tls_ticket_keys(char **args, int cur_arg, struct proxy *px
LIST_ADD(&tlskeys_reference, &keys_ref->list);
return 0;
fail:
if (f)
fclose(f);
if (keys_ref) {
free(keys_ref->filename);
free(keys_ref->tlskeys);
free(keys_ref);
}
return ERR_ALERT | ERR_FATAL;
#else
if (err)
memprintf(err, "'%s' : TLS ticket callback extension not supported", args[cur_arg]);