From 881cce9f139ddc4f02994ad443f9fc250e34da7c Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Wed, 23 Nov 2022 09:27:13 +0100
Subject: [PATCH] BUILD: ssl-sock: Silent error about NULL deref in
 ssl_sock_bind_verifycbk()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In ssl_sock_bind_verifycbk(), when compiled without QUIC support, the
compiler may report an error during compilation about a possible NULL
dereference:

src/ssl_sock.c: In function ‘ssl_sock_bind_verifycbk’:
src/ssl_sock.c:1738:12: error: potential null pointer dereference [-Werror=null-dereference]
 1738 |         ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
      |         ~~~^~~~~~~~~

A BUG_ON() was addeded because it must never happen. But when compiled
without DEBUG_STRICT, there is nothing to help the compiler. Thus
ALREADY_CHECKED() macro is used. The ssl-sock context and the bind config
are concerned.

This patch must be backported to 2.6.
---
 src/ssl_sock.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 2a4d64429..ad40b75ce 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1734,6 +1734,8 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
 #endif
 
 	BUG_ON(!ctx || !bind_conf);
+	ALREADY_CHECKED(ctx);
+	ALREADY_CHECKED(bind_conf);
 
 	ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;