BUG/MEDIUM: acme: fix segfault on newOrder with empty authorizations

When an ACME server returns a newOrder response with an empty
authorizations array (certificate already validated), ctx->auths
remains NULL. The state machine then transitions to ACME_AUTH which
immediately dereferences ctx->next_auth, causing a segfault.

Return an error from acme_res_neworder() so the caller retries.

This needs to be backported to 3.2.

diff --git a/src/acme.c b/src/acme.c
index bae7230bb6e2c1c0ab2f571934a1e45b3bbf40cc..def664aa747b75279a2749eab50d35d7ef22f75a 100644 (file)
--- a/src/acme.c
+++ b/src/acme.c
@@ -2153,6 +2153,7 @@ int acme_res_neworder(struct task *task, struct acme_ctx *ctx, char **errmsg)
 
                auth->auth = istdup(ist2(trash.area, trash.data));
                if (!isttest(auth->auth)) {
+                       free(auth);
                        memprintf(errmsg, "out of memory");
                        goto error;
                }
@@ -2162,6 +2163,11 @@ int acme_res_neworder(struct task *task, struct acme_ctx *ctx, char **errmsg)
                ctx->next_auth = auth;
        }
 
+       if (!ctx->auths) {
+               memprintf(errmsg, "no authorizations found in newOrder response");
+               goto error;
+       }
+
        if ((ret = mjson_get_string(hc->res.buf.area, hc->res.buf.data, "$.finalize", trash.area, trash.size)) <= 0) {
                memprintf(errmsg, "couldn't find the finalize URL");
                goto error;