BUG/MINOR: ssl/cli: check trash allocation in cli_io_handler_commit_cert() Possible NULL pointer dereference found by coverity. Fix #350 #340.

commit: 33cc76f918e4a7a76360e88f6ed50f924befeef9 [log] [tgz]
author: William Lallemand <wlallemand@haproxy.com> Thu Oct 31 11:43:45 2019 +0100
committer: William Lallemand <wlallemand@haproxy.org> Thu Oct 31 11:48:01 2019 +0100
tree: 1943d2dfdb85b94f6e5df6c02f651e96ee86e63f
parent: ae6f125c7b33454770aaa363101384e8daafc2a2 [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 0e4244d..772310b 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -10016,6 +10016,9 @@
 	struct ckch_inst *ckchi, *ckchis;
 	struct buffer *trash = alloc_trash_chunk();
 
+	if (trash == NULL)
+		goto error;
+
 	if (unlikely(si_ic(si)->flags & (CF_WRITE_ERROR|CF_SHUTW)))
 		goto error;
 
@@ -10142,10 +10145,12 @@
 
 error:
 	/* spin unlock and free are done in the release  function */
-	chunk_appendf(trash, "\n%sFailed!\n", err);
-	if (ci_putchk(si_ic(si), trash) == -1)
-		si_rx_room_blk(si);
-	free_trash_chunk(trash);
+	if (trash) {
+		chunk_appendf(trash, "\n%sFailed!\n", err);
+		if (ci_putchk(si_ic(si), trash) == -1)
+			si_rx_room_blk(si);
+		free_trash_chunk(trash);
+	}
 	/* error: call the release function and don't come back */
 	return 1;
 }
commit	33cc76f918e4a7a76360e88f6ed50f924befeef9	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.com>	Thu Oct 31 11:43:45 2019 +0100
committer	William Lallemand <wlallemand@haproxy.org>	Thu Oct 31 11:48:01 2019 +0100
tree	1943d2dfdb85b94f6e5df6c02f651e96ee86e63f
parent	ae6f125c7b33454770aaa363101384e8daafc2a2 [diff]