From a316342ec68be63c784b0efcd7f4b876dbdc432d Mon Sep 17 00:00:00 2001 From: Remi Tricot-Le Breton Date: Wed, 10 Sep 2025 10:13:22 +0200 Subject: [PATCH] BUG/MINOR: ssl: Potential NULL deref in trace macro 'ctx' might be NULL when we exit 'ssl_sock_handshake', it can't be dereferenced without check in the trace macro. This was found by Coverity andraised in GitHub #3113. This patch should be backported up to 3.2. --- src/ssl_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index b973a3967..c6bfcf5e3 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -5909,7 +5909,7 @@ reneg_ok: if (!conn->err_code) conn->err_code = CO_ER_SSL_HANDSHAKE; - TRACE_ERROR("handshake error", SSL_EV_CONN_HNDSHK|SSL_EV_CONN_ERR, conn, ctx->ssl, &conn->err_code, &ctx->error_code); + TRACE_ERROR("handshake error", SSL_EV_CONN_HNDSHK|SSL_EV_CONN_ERR, conn, ctx->ssl, &conn->err_code, (ctx ? &ctx->error_code : NULL)); return 0; }