Repositories - haproxy-2.1.git/commit

author	William Lallemand <wlallemand@haproxy.org>
	Tue, 23 Feb 2021 13:45:45 +0000 (14:45 +0100)
committer	Christopher Faulet <cfaulet@haproxy.com>
	Fri, 26 Feb 2021 15:54:29 +0000 (16:54 +0100)
commit	d9c2214b030b9ab196317e0d5a823a2d1f625b45
tree	ea51c2a4662df100356eb8815709bd5f609d462d	tree \| snapshot
parent	6d70ebf52f108193cabcce1aaac75341fcd1f1d2	commit \| diff

BUG/MINOR: ssl/cli: potential null pointer dereference in "set ssl cert"

A potential null pointer dereference was reported with an old gcc
version (6.5)

    src/ssl_ckch.c: In function 'cli_parse_set_cert':
    src/ssl_ckch.c:838:7: error: potential null pointer dereference [-Werror=null-dereference]
      if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    src/ssl_ckch.c:838:7: error: potential null pointer dereference [-Werror=null-dereference]
    src/ssl_ckch.c: In function 'ckchs_dup':
    src/ssl_ckch.c:838:7: error: potential null pointer dereference [-Werror=null-dereference]
      if (!ssl_sock_copy_cert_key_and_chain(src->ckch, dst->ckch))
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    src/ssl_ckch.c:838:7: error: potential null pointer dereference [-Werror=null-dereference]
    cc1: all warnings being treated as errors

This case does not actually happen but it's better to fix the ckch API
with a NULL check.

Could be backported as far as 2.1.

(cherry picked from commit 6c0961442c5e19a1bfc706374f96cfbd42feaeb2)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
(cherry picked from commit 8f71298de2fa153fa9855711b992f52cfb8fb1ff)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 1e5d84df6510c2fbac974c3372e46e027b56922c)
[cf: Changes applied in src/ssl_sock.c]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>