From: Remi Tricot-Le Breton Date: Wed, 16 Feb 2022 14:17:09 +0000 (+0100) Subject: BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print X-Git-Tag: v2.5.3~5 X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=8fb9119de7e44ee9abe1f3c1f3ed234037abbf12;p=haproxy-2.5.git BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print When calling ssl_ocsp_response_print which is used to display an OCSP response's details when calling the "show ssl ocsp-response" on the CLI, we use the BIO_read function that copies an OpenSSL BIO into a trash. The return value was not checked though, which could lead to some crashes since BIO_read can return a negative value in case of error. This patch should be backported to 2.5. (cherry picked from commit 1b01b7f2eff33ca9bd1da9fa628fd07a48c5a7cc) Signed-off-by: William Lallemand --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index f4efee9..0f38f47 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -7388,6 +7388,8 @@ int ssl_ocsp_response_print(struct buffer *ocsp_response, struct buffer *out) static struct ist double_lf = IST("\n\n"); write = BIO_read(bio, trash->area, trash->size - 1); + if (write <= 0) + goto end; trash->data = write; /* Look for empty lines in the 'trash' buffer and add a space to
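Review bot: The new `if (write <= 0) goto end;` placed right after `BIO_read(bio, trash->area, trash->size - 1)` jumps to `end` without the hunk showing what the function returns at that point. Please confirm that the return code still holds its failure value when this jump is taken, so the "show ssl ocsp-response" caller does not treat an empty `out` as success, and that the `end` path releases `bio`. The check also treats a zero-length read the same as a negative error return; a one-line comment saying that 0 is rejected on purpose would help the next reader. Minor style point: the local variable `write` shares its name with the libc function, and a name such as `len` would avoid the shadowing.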