------------------------------------------------------------ revno: 13850 revision-id: squid3@treenet.co.nz-20150628100558-bn224a6mbjwehk18 parent: squid3@treenet.co.nz-20150628100416-wgn9mbagafa1qi09 author: Alex Rousskov committer: Amos Jeffries branch nick: 3.5 timestamp: Sun 2015-06-28 03:05:58 -0700 message: Bug 4183: segfault when freeing https_port clientca on reconfigure or exit. AnyP::PortCfg::clientCA list was double-freed because the SSL context takes ownership of the STACK_OF(X509_NAME) supplied via SSL_CTX_set_client_CA_list(), but Squid was not aware of that. Squid now supplies a clone of clientCA. ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20150628100558-bn224a6mbjwehk18 # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # testament_sha1: 809b2cf100c3a88c8ae572dcd6389f4d7a9603a0 # timestamp: 2015-06-28 10:15:46 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # base_revision_id: squid3@treenet.co.nz-20150628100416-\ # wgn9mbagafa1qi09 # # Begin patch === modified file 'src/ssl/support.cc' --- src/ssl/support.cc 2015-06-28 10:04:16 +0000 +++ src/ssl/support.cc 2015-06-28 10:05:58 +0000 @@ -902,7 +902,13 @@ if (port.clientCA.get()) { ERR_clear_error(); - SSL_CTX_set_client_CA_list(sslContext, port.clientCA.get()); + if (STACK_OF(X509_NAME) *clientca = SSL_dup_CA_list(port.clientCA.get())) { + SSL_CTX_set_client_CA_list(sslContext, clientca); + } else { + ssl_error = ERR_get_error(); + debugs(83, DBG_CRITICAL, "ERROR: Failed to dupe the client CA list: " << ERR_error_string(ssl_error, NULL)); + return false; + } if (port.sslContextFlags & SSL_FLAG_DELAYED_AUTH) { debugs(83, 9, "Not requesting client certificates until acl processing requires one");