BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print When calling ssl_ocsp_response_print which is used to display an OCSP response's details when calling the "show ssl ocsp-response" on the CLI, we use the BIO_read function that copies an OpenSSL BIO into a trash. The return value was not checked though, which could lead to some crashes since BIO_read can return a negative value in case of error. This patch should be backported to 2.5.

commit: 1b01b7f2eff33ca9bd1da9fa628fd07a48c5a7cc [log] [tgz]
author: Remi Tricot-Le Breton <rlebreton@haproxy.com> Wed Feb 16 15:17:09 2022 +0100
committer: William Lallemand <wlallemand@haproxy.org> Fri Feb 18 09:58:04 2022 +0100
tree: e7dee7ec83a6c8b706abf4ae1629ed0807c5840c
parent: 8081b6769902899346f4c717007841190118d349 [diff] [blame]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 4d2fcc3..460eb60 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -7593,6 +7593,8 @@
 		static struct ist double_lf = IST("\n\n");
 
 		write = BIO_read(bio, trash->area, trash->size - 1);
+		if (write <= 0)
+			goto end;
 		trash->data = write;
 
 		/* Look for empty lines in the 'trash' buffer and add a space to
commit	1b01b7f2eff33ca9bd1da9fa628fd07a48c5a7cc	[log] [tgz]
author	Remi Tricot-Le Breton <rlebreton@haproxy.com>	Wed Feb 16 15:17:09 2022 +0100
committer	William Lallemand <wlallemand@haproxy.org>	Fri Feb 18 09:58:04 2022 +0100
tree	e7dee7ec83a6c8b706abf4ae1629ed0807c5840c
parent	8081b6769902899346f4c717007841190118d349 [diff] [blame]