1berry/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUILD: ssl_sock: bind_conf uninitialized in ssl_sock_bind_verifycbk()

Browse Source 
Even if this cannot happen, ensure <bind_conf> is initialized in this
function to please some compilers.

Takes the opportunity of this patch to replace an ABORT_NOW() by
a BUG_ON() because if the variable values they test are not initialized,
this is really because there is a bug.

Must be backported to 2.6.
This commit is contained in:
Frdric Lcaille 2022-10-14 09:34:00 +02:00 committed by Willy Tarreau
parent ef3e5a1b68
commit 48e46f98cc
1 changed files with 2 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/ssl_sock.c
View File

@ -1713,7 +1713,7 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
int err, depth; int err, depth;
X509 *client_crt; X509 *client_crt;
STACK_OF(X509) *certs; STACK_OF(X509) *certs;
struct bind_conf *bind_conf; struct bind_conf *bind_conf = NULL;
struct quic_conn *qc = NULL; struct quic_conn *qc = NULL;
ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx()); ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
@ -1734,10 +1734,7 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
} }
#endif #endif
if (!ctx || !bind_conf) { BUG_ON(!ctx || !bind_conf);
/* Must never happen */
ABORT_NOW();
}
ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE; ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;