BUG/MEDIUM: cli/ssl: don't store base64dec() result in the trash's length
By convenience or laziness we used to store base64dec()'s return code
into trash.data and to compare it against 0 to check for conversion
failure, but it's now unsigned since commit 843b7cb ("MEDIUM: chunks:
make the chunk struct's fields match the buffer struct"). Let's clean
this up and test the result itself without storing it first.
No backport is needed.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5610a41..5dbd6b6 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -8572,6 +8572,7 @@
static int cli_parse_set_tlskeys(char **args, char *payload, struct appctx *appctx, void *private)
{
struct tls_keys_ref *ref;
+ int ret;
/* Expect two parameters: the filename and the new new TLS key in encoding */
if (!*args[3] || !*args[4]) {
@@ -8589,14 +8590,14 @@
return 1;
}
- trash.data = base64dec(args[4], strlen(args[4]), trash.area,
- trash.size);
- if (trash.data != sizeof(struct tls_sess_key)) {
+ ret = base64dec(args[4], strlen(args[4]), trash.area, trash.size);
+ if (ret != sizeof(struct tls_sess_key)) {
appctx->ctx.cli.severity = LOG_ERR;
appctx->ctx.cli.msg = "'set ssl tls-key' received invalid base64 encoded TLS key.\n";
appctx->st0 = CLI_ST_PRINT;
return 1;
}
+ trash.data = ret;
ssl_sock_update_tlskey_ref(ref, &trash);
appctx->ctx.cli.severity = LOG_INFO;
appctx->ctx.cli.msg = "TLS ticket key updated!\n";
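Review bot: `if (ret != sizeof(struct tls_sess_key))` compares a signed int against a size_t, so ret is converted to unsigned before the comparison; a negative base64dec() return becomes SIZE_MAX and is still rejected, but that only holds by the conversion rules, and -Wsign-compare will flag the line. Making the error case explicit, `if (ret < 0 || (size_t)ret != sizeof(struct tls_sess_key))`, keeps the rejection intentional and matches the `if (ret < 0)` form used in the ocsp-response hunk below, so the two CLI handlers check base64dec() the same way. The body of cli_parse_set_tlskeys continues outside the hunk.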
@@ -8610,7 +8611,7 @@
{
#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
char *err = NULL;
- int i, j;
+ int i, j, ret;
if (!payload)
payload = args[3];
@@ -8631,14 +8632,15 @@
}
payload[j] = 0;
- trash.data = base64dec(payload, j, trash.area, trash.size);
- if (trash.data < 0) {
+ ret = base64dec(payload, j, trash.area, trash.size);
+ if (ret < 0) {
appctx->ctx.cli.severity = LOG_ERR;
appctx->ctx.cli.msg = "'set ssl ocsp-response' received invalid base64 encoded response.\n";
appctx->st0 = CLI_ST_PRINT;
return 1;
}
+ trash.data = ret;
if (ssl_sock_update_ocsp_response(&trash, &err)) {
if (err) {
memprintf(&err, "%s.\n", err);