From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Wed, 19 May 2021 12:57:04 +0000 (+0200)
Subject: MINOR: ssl: check allocation in parse ciphers/ciphersuites/verifyhost
X-Git-Tag: v2.5-dev1~77
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=cbbf87f119e7388dd60821551758d3106ed47075;p=haproxy-2.5.git

MINOR: ssl: check allocation in parse ciphers/ciphersuites/verifyhost

These checks are especially required now as this function will be used
at runtime for dynamic servers.
---

diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 3739f3c..2adb92e 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -1414,6 +1414,12 @@ static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct
 
 	free(newsrv->ssl_ctx.ciphers);
 	newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
+
+	if (!newsrv->ssl_ctx.ciphers) {
+		memprintf(err, "'%s' : not enough memory", args[*cur_arg]);
+		return ERR_ALERT | ERR_FATAL;
+	}
+
 	return 0;
 }
 
@@ -1428,6 +1434,12 @@ static int srv_parse_ciphersuites(char **args, int *cur_arg, struct proxy *px, s
 
 	free(newsrv->ssl_ctx.ciphersuites);
 	newsrv->ssl_ctx.ciphersuites = strdup(args[*cur_arg + 1]);
+
+	if (!newsrv->ssl_ctx.ciphersuites) {
+		memprintf(err, "'%s' : not enough memory", args[*cur_arg]);
+		return ERR_ALERT | ERR_FATAL;
+	}
+
 	return 0;
 }
 #endif
@@ -1641,6 +1653,11 @@ static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, str
 	free(newsrv->ssl_ctx.verify_host);
 	newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
 
+	if (!newsrv->ssl_ctx.verify_host) {
+		memprintf(err, "'%s' : not enough memory", args[*cur_arg]);
+		return ERR_ALERT | ERR_FATAL;
+	}
+
 	return 0;
 }