BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print

The b_istput function called to append the last data block to the end of
an OCSP response's detailed output was not checked in
ssl_ocsp_response_print. The ssl_ocsp_response_print return value checks
were added as well since some of them were missing.
This error was raised by Coverity (CID 1469513).

This patch fixes GitHub issue #1541.
It can be backported to 2.5.
Remi Tricot-Le Breton 2022-02-16 14:42:22 +01:00 committed by William Lallemand
parent 4f4f2b7b5f
commit a9a591ab3d
2 changed files with 11 additions and 5 deletions


@ -1619,7 +1619,8 @@ static int cli_io_handler_show_cert_ocsp_detail(struct appctx *appctx)
* Otherwise, we must rebuild the certificate's certid in order to
* look for the current OCSP response in the tree. */
if (from_transaction && ckchs->ckch->ocsp_response) {
ssl_ocsp_response_print(ckchs->ckch->ocsp_response, out);
if (ssl_ocsp_response_print(ckchs->ckch->ocsp_response, out))
goto end_no_putchk;
}
else {
unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH] = {};
@ -1628,7 +1629,8 @@ static int cli_io_handler_show_cert_ocsp_detail(struct appctx *appctx)
if (ckch_store_build_certid(ckchs, (unsigned char*)key, &key_length) < 0)
goto end_no_putchk;
ssl_get_ocspresponse_detail(key, out);
if (ssl_get_ocspresponse_detail(key, out))
goto end_no_putchk;
}
if (ci_putchk(si_ic(si), out) == -1) {
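Review bot: Both new failure branches (`goto end_no_putchk` after `ssl_ocsp_response_print` and after `ssl_get_ocspresponse_detail`) leave the CLI user with no indication of why the command printed nothing. The same applies to the `free_trash_chunk(trash); return 1;` branch added to `cli_io_handler_show_ocspresponse_detail` in the second file. The `end_no_putchk` label lies outside the hunk, so this is inferred from its name: if it only releases `out` and ends the command, an operator checking a certificate's OCSP status cannot tell a formatting failure from a missing response. Consider emitting a short error line before leaving, or at least a comment on each branch such as `/* OCSP response could not be formatted into the buffer: end the command without partial output */`.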


@ -7567,6 +7567,7 @@ int ssl_ocsp_response_print(struct buffer *ocsp_response, struct buffer *out)
int write = -1;
OCSP_RESPONSE *resp;
const unsigned char *p;
int retval = -1;
if (!ocsp_response)
return -1;
@ -7619,13 +7620,13 @@ int ssl_ocsp_response_print(struct buffer *ocsp_response, struct buffer *out)
ist_double_lf = istist(ist_block, double_lf);
}
b_istput(out, ist_block);
retval = (b_istput(out, ist_block) <= 0);
}
if (bio)
BIO_free(bio);
return 0;
return retval;
}
/*
@ -7656,7 +7657,10 @@ static int cli_io_handler_show_ocspresponse_detail(struct appctx *appctx)
if (trash == NULL)
return 1;
ssl_ocsp_response_print(&ocsp->response, trash);
if (ssl_ocsp_response_print(&ocsp->response, trash)) {
free_trash_chunk(trash);
return 1;
}
if (ci_putchk(si_ic(si), trash) == -1) {
si_rx_room_blk(si);
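Review bot: `ssl_ocsp_response_print` can now return three values: -1 from the early `return -1` and the `int retval = -1` initialiser, 0 on success, and 1 when `b_istput()` returns <= 0. Nothing in the visible hunks documents that callers must test for non-zero. The callers on this page do test truthiness, but `ckch_store_build_certid` in the same handler is tested with `< 0`, so a later caller copying that style would miss the truncated-output case. Either normalise the result with `retval = (b_istput(out, ist_block) <= 0) ? -1 : 0;` or state the contract in the function's header comment, e.g. `/* Returns 0 on success, non-zero on error. */`. The loop that precedes the final `b_istput()` is outside the hunk; if it also appends to `out` without checking, a write that fails there would still go unnoticed whenever the last block happens to fit.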