From e239e4938d89956e7820be4a0f26e782a86bcf6d Mon Sep 17 00:00:00 2001
From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Mon, 14 Nov 2022 15:15:52 +0100
Subject: [PATCH] BUG/MINOR: ssl: Fix potential overflow

Coverity raised a potential overflow issue in these new functions that
work on unsigned long long objects. They were added in commit 9b25982
"BUG/MEDIUM: ssl: Verify error codes can exceed 63".

This patch needs to be backported alongside 9b25982.
---
 include/haproxy/ssl_sock.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index d24b17f5b..583266247 100644
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -164,7 +164,7 @@ static inline int cert_ignerr_bitfield_get(const unsigned long long *bitfield, i
 	int val = 0;
 
 	if (byte_index < IGNERR_BF_SIZE)
-		val = bitfield[byte_index] & (1 << (bit_index & 0x3F));
+		val = bitfield[byte_index] & (1ULL << (bit_index & 0x3F));
 
 	return val != 0;
 }
@@ -174,7 +174,7 @@ static inline void cert_ignerr_bitfield_set(unsigned long long *bitfield, int bi
 	int byte_index = bit_index >> 6;
 
 	if (byte_index < IGNERR_BF_SIZE)
-		bitfield[byte_index] |= (1 << (bit_index & 0x3F));
+		bitfield[byte_index] |= (1ULL << (bit_index & 0x3F));
 }
 
 static inline void cert_ignerr_bitfield_set_all(unsigned long long *bitfield)