6ac61e39c491f6ca5a1843c787da2e92818ee02a - haproxy

commit	6ac61e39c491f6ca5a1843c787da2e92818ee02a	[log] [tgz]
author	Eric Salama <esalama@haproxy.com>	Tue Feb 23 16:50:57 2021 +0100
committer	William Lallemand <wlallemand@haproxy.org>	Fri Feb 26 09:49:35 2021 +0100
tree	9047e8b1eca1c082ee4033e48c26b32d6315e930
parent	d8aa21a611435446dcd2e498b77db0af7b87799e [diff]

BUG/MINOR: ssl: potential null pointer dereference in ckchs_dup()

A potential null pointer dereference was reported with an old gcc
version (6.5)

    src/ssl_ckch.c: In function 'cli_parse_set_cert':
    src/ssl_ckch.c:844:7: error: potential null pointer dereference [-Werror=null-dereference]
      if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
	   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    src/ssl_ckch.c:844:7: error: potential null pointer dereference [-Werror=null-dereference]
    src/ssl_ckch.c: In function 'ckchs_dup':
    src/ssl_ckch.c:844:7: error: potential null pointer dereference [-Werror=null-dereference]
      if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
	   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    src/ssl_ckch.c:844:7: error: potential null pointer dereference [-Werror=null-dereference]

This could happen if ckch_store_new() fails to allocate memory and returns NULL.

This patch must be backported with 8f71298 since it was wrongly fixed and
the bug could happen.

Must be backported as far as 2.2.

src/ssl_ckch.c[diff]

1 file changed

tree: 9047e8b1eca1c082ee4033e48c26b32d6315e930