8f71298de2fa153fa9855711b992f52cfb8fb1ff - haproxy

commit	8f71298de2fa153fa9855711b992f52cfb8fb1ff	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.org>	Tue Feb 23 14:45:45 2021 +0100
committer	William Lallemand <wlallemand@haproxy.org>	Tue Feb 23 15:19:44 2021 +0100
tree	085e1426c68e9e782c18879f11b41307f3d23846
parent	ecae6e9e3c3313ed7567b0b5799dbabfc4168da6 [diff]

BUG/MINOR: ssl/cli: potential null pointer dereference in "set ssl cert"

A potential null pointer dereference was reported with an old gcc
version (6.5)

    src/ssl_ckch.c: In function 'cli_parse_set_cert':
    src/ssl_ckch.c:838:7: error: potential null pointer dereference [-Werror=null-dereference]
      if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    src/ssl_ckch.c:838:7: error: potential null pointer dereference [-Werror=null-dereference]
    src/ssl_ckch.c: In function 'ckchs_dup':
    src/ssl_ckch.c:838:7: error: potential null pointer dereference [-Werror=null-dereference]
      if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    src/ssl_ckch.c:838:7: error: potential null pointer dereference [-Werror=null-dereference]
    cc1: all warnings being treated as errors

This case does not actually happen but it's better to fix the ckch API
with a NULL check.

Could be backported as far as 2.1.

(cherry picked from commit 6c0961442c5e19a1bfc706374f96cfbd42feaeb2)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>

src/ssl_ckch.c[diff]

1 file changed

tree: 085e1426c68e9e782c18879f11b41307f3d23846