commit 6c3cc56a7b059af91363a2d3c4bf8b9f28e3d999
author Willy Tarreau <w@1wt.eu> Mon May 09 21:14:04 2022 +0200
committer Christopher Faulet <cfaulet@haproxy.com> Fri May 13 13:51:29 2022 +0200
tree 787f78f03be8e5634753ae917332513c5f0cf1b8
parent ee3ec4033f414716e68f7358a384841faf06ad48

BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-(

... or how a bogus warning forces you to do tricky changes in your code
and fail on a length test condition! Fortunately it changed in the right
direction that immediately broke, due to a missing "> sizeof(path)" that
had to be added to the already ugly condition.

This fixes recent commit 393e42ae5 ("BUILD: ssl: work around bogus warning
in gcc 12's -Wformat-truncation"). It may have to be backported if that
one is backported.

(cherry picked from commit 63fc900ba282437b96868103f1eb7db9ee7f482c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit dc8262796d95b4c1064fc800c888d174c31cf531)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

src/ssl_crtlist.c

diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index 9a79ae5..6b400e2 100644
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -516,7 +516,7 @@
 
 		if (*crt_path != '/' && global_ssl.crt_base) {
 			if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > sizeof(path) ||
-			    snprintf(path, sizeof(path), "%s/%s",  global_ssl.crt_base, crt_path)) {
+			    snprintf(path, sizeof(path), "%s/%s",  global_ssl.crt_base, crt_path) > sizeof(path)) {
 				memprintf(err, "parsing [%s:%d]: '%s' : path too long",
 					  file, linenum, crt_path);
 				cfgerr |= ERR_ALERT | ERR_FATAL;