BUG/MINOR: ssl/cli: potential null pointer dereference in "set ssl cert"

A potential null pointer dereference was reported with an old gcc version (6.5) src/ssl_ckch.c: In function 'cli_parse_set_cert': src/ssl_ckch.c:838:7: error: potential null pointer dereference [-Werror=null-dereference] if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/ssl_ckch.c:838:7: error: potential null pointer dereference [-Werror=null-dereference] src/ssl_ckch.c: In function 'ckchs_dup': src/ssl_ckch.c:838:7: error: potential null pointer dereference [-Werror=null-dereference] if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ src/ssl_ckch.c:838:7: error: potential null pointer dereference [-Werror=null-dereference] cc1: all warnings being treated as errors This case does not actually happen but it's better to fix the ckch API with a NULL check. Could be backported as far as 2.1.
2024-12-16 08:24:42 +00:00 · 2021-02-23 14:45:45 +01:00 · 2021-02-23 14:45:45 +01:00 · 6c0961442c
commit 6c0961442c
parent 6bcdc6530a
1 changed files with 6 additions and 0 deletions
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@ -662,6 +662,9 @@ void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain *ckch)
 struct cert_key_and_chain *ssl_sock_copy_cert_key_and_chain(struct cert_key_and_chain *src,
                                                                   struct cert_key_and_chain *dst)
 {
+	if (!src || !dst)
+		return NULL;
+
 	if (src->cert) {
 		dst->cert = src->cert;
 		X509_up_ref(src->cert);
@ -833,6 +836,9 @@ struct ckch_store *ckchs_dup(const struct ckch_store *src)
 {
 	struct ckch_store *dst;

+	if (!src)
+		return NULL;
+
 	dst = ckch_store_new(src->path);

 	if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))