MINOR: ssl: check allocation in parse npn/sni These checks are especially required now as this function will be used at runtime for dynamic servers.

commit: 1f9333b30eec8535e8f15eb32cc25306fa036b75 [log] [tgz]
author: Amaury Denoyelle <adenoyelle@haproxy.com> Tue Jun 01 11:54:23 2021 +0200
committer: Amaury Denoyelle <adenoyelle@haproxy.com> Fri Jun 18 16:42:25 2021 +0200
tree: 1e5974842a1b92509f551e083ab84d7a59fdeecc
parent: cbbf87f119e7388dd60821551758d3106ed47075 [diff]
diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 2adb92e..11af3aa 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c

@@ -1270,6 +1270,11 @@
 	 */
 	newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
 	newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
+	if (!newsrv->ssl_ctx.npn_str) {
+		memprintf(err, "out of memory");
+		return ERR_ALERT | ERR_FATAL;
+	}
+
 	memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
 	    newsrv->ssl_ctx.npn_len);
 
@@ -1590,6 +1595,10 @@
 
 	free(newsrv->sni_expr);
 	newsrv->sni_expr = strdup(arg);
+	if (!newsrv->sni_expr) {
+		memprintf(err, "out of memory");
+		return ERR_ALERT | ERR_FATAL;
+	}
 
 	return 0;
 #endif
commit	1f9333b30eec8535e8f15eb32cc25306fa036b75	[log] [tgz]
author	Amaury Denoyelle <adenoyelle@haproxy.com>	Tue Jun 01 11:54:23 2021 +0200
committer	Amaury Denoyelle <adenoyelle@haproxy.com>	Fri Jun 18 16:42:25 2021 +0200
tree	1e5974842a1b92509f551e083ab84d7a59fdeecc
parent	cbbf87f119e7388dd60821551758d3106ed47075 [diff]