mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-03-17 21:11:13 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl-sample: Fix sample_conv_sha2() by checking EVP_Digest* failures

Browse Source 
In sample_conv_sha2(), calls to EVP_Digest* can fail. So we must check
return value of each call and report a error on failure and release the
digest context.

This patch should fix the issue #3274. It should be backported as far as
2.6.
This commit is contained in:
Christopher Faulet 2026-03-06 08:59:01 +01:00
parent b48c9a1465
commit bfe5a2c3d7
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/ssl_sample.c
View File

@ -147,9 +147,14 @@ static int sample_conv_sha2(const struct arg *arg_p, struct sample *smp, void *p
mdctx = EVP_MD_CTX_new();
if (!mdctx)
return 0;
EVP_DigestInit_ex(mdctx, evp, NULL);
EVP_DigestUpdate(mdctx, smp->data.u.str.area, smp->data.u.str.data);
EVP_DigestFinal_ex(mdctx, (unsigned char*)trash->area, &digest_length);
if (!EVP_DigestInit_ex(mdctx, evp, NULL) ||
!EVP_DigestUpdate(mdctx, smp->data.u.str.area, smp->data.u.str.data) ||
!EVP_DigestFinal_ex(mdctx, (unsigned char*)trash->area, &digest_length)) {
EVP_MD_CTX_free(mdctx);
return 0;
}
trash->data = digest_length;
EVP_MD_CTX_free(mdctx);