commit 9a4da683a6a0ce312c7e302245d6e327858d7ee8
author Aurélien Nephtali <aurelien.nephtali@corp.ovh.com> Mon Apr 16 19:02:42 2018 +0200
committer Willy Tarreau <w@1wt.eu> Mon Apr 16 19:23:16 2018 +0200
tree b16676ca02e9ca8708149e5bcc8eb0acb047b052
parent c511b7cc97482e7193aa19b8e571fa2ac851ea46

MINOR: cli: Ensure the CLI always outputs an error when it should

When using the CLI_ST_PRINT_FREE state, always output something back
if the faulty function did not fill the 'err' variable.
The map/acl code could lead to a crash whereas the SSL code was silently
failing.

Signed-off-by: Aurélien Nephtali <aurelien.nephtali@corp.ovh.com>

src/map.c

diff --git a/src/map.c b/src/map.c
index 9313dc8..7953c2a 100644
--- a/src/map.c
+++ b/src/map.c
@@ -723,15 +723,21 @@
 				return 1;
 			}
 
-			/* Try to delete the entry. */
+			/* Try to modify the entry. */
 			err = NULL;
 			HA_SPIN_LOCK(PATREF_LOCK, &appctx->ctx.map.ref->lock);
 			if (!pat_ref_set_by_id(appctx->ctx.map.ref, ref, args[4], &err)) {
 				HA_SPIN_UNLOCK(PATREF_LOCK, &appctx->ctx.map.ref->lock);
-				if (err)
+				if (err) {
 					memprintf(&err, "%s.\n", err);
-				appctx->ctx.cli.err = err;
-				appctx->st0 = CLI_ST_PRINT_FREE;
+					appctx->ctx.cli.err = err;
+					appctx->st0 = CLI_ST_PRINT_FREE;
+				}
+				else {
+					appctx->ctx.cli.severity = LOG_ERR;
+					appctx->ctx.cli.msg = "Failed to update an entry.\n";
+					appctx->st0 = CLI_ST_PRINT;
+				}
 				return 1;
 			}
 			HA_SPIN_UNLOCK(PATREF_LOCK, &appctx->ctx.map.ref->lock);
@@ -744,10 +750,16 @@
 			HA_SPIN_LOCK(PATREF_LOCK, &appctx->ctx.map.ref->lock);
 			if (!pat_ref_set(appctx->ctx.map.ref, args[3], args[4], &err)) {
 				HA_SPIN_UNLOCK(PATREF_LOCK, &appctx->ctx.map.ref->lock);
-				if (err)
+				if (err) {
 					memprintf(&err, "%s.\n", err);
-				appctx->ctx.cli.err = err;
-				appctx->st0 = CLI_ST_PRINT_FREE;
+					appctx->ctx.cli.err = err;
+					appctx->st0 = CLI_ST_PRINT_FREE;
+				}
+				else {
+					appctx->ctx.cli.severity = LOG_ERR;
+					appctx->ctx.cli.msg = "Failed to update an entry.\n";
+					appctx->st0 = CLI_ST_PRINT;
+				}
 				return 1;
 			}
 			HA_SPIN_UNLOCK(PATREF_LOCK, &appctx->ctx.map.ref->lock);
@@ -829,10 +841,16 @@
 			ret = pat_ref_add(appctx->ctx.map.ref, args[3], NULL, &err);
 		HA_SPIN_UNLOCK(PATREF_LOCK, &appctx->ctx.map.ref->lock);
 		if (!ret) {
-			if (err)
+			if (err) {
 				memprintf(&err, "%s.\n", err);
-			appctx->ctx.cli.err = err;
-			appctx->st0 = CLI_ST_PRINT_FREE;
+				appctx->ctx.cli.err = err;
+				appctx->st0 = CLI_ST_PRINT_FREE;
+			}
+			else {
+				appctx->ctx.cli.severity = LOG_ERR;
+				appctx->ctx.cli.msg = "Failed to add an entry.\n";
+				appctx->st0 = CLI_ST_PRINT;
+			}
 			return 1;
 		}
 

src/ssl_sock.c

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 8151cb3..23ad35b 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -8588,6 +8588,11 @@
 			appctx->ctx.cli.err = err;
 			appctx->st0 = CLI_ST_PRINT_FREE;
 		}
+		else {
+			appctx->ctx.cli.severity = LOG_ERR;
+			appctx->ctx.cli.msg = "Failed to update OCSP response.\n";
+			appctx->st0 = CLI_ST_PRINT;
+		}
 		return 1;
 	}
 	appctx->ctx.cli.severity = LOG_INFO;