RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BUILD: ssl-sock: Silent error about NULL deref in ssl_sock_bind_verifycbk() 

In ssl_sock_bind_verifycbk(), when compiled without QUIC support, the
compiler may report an error during compilation about a possible NULL
dereference:

src/ssl_sock.c: In function ‘ssl_sock_bind_verifycbk’:
src/ssl_sock.c:1738:12: error: potential null pointer dereference [-Werror=null-dereference]
 1738 |         ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
      |         ~~~^~~~~~~~~

A BUG_ON() was addeded because it must never happen. But when compiled
without DEBUG_STRICT, there is nothing to help the compiler. Thus
ALREADY_CHECKED() macro is used. The ssl-sock context and the bind config
are concerned.

This patch must be backported to 2.6.
This commit is contained in:
Christopher Faulet 2022-11-23 09:27:13 +01:00
parent ed36968f16
commit 881cce9f13
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ssl_sock.c
View File

@ -1734,6 +1734,8 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
#endif
BUG_ON(!ctx || !bind_conf);
ALREADY_CHECKED(ctx);
ALREADY_CHECKED(bind_conf);
ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;