BUG/MINOR: ssl: Missing goto in error path in ocsp update code

When converting an OCSP request's information into base64, the return value of a2base64 is checked but processing is not interrupted when it returns a negative value, which was caught by coverity. This patch fixes GitHub issue #1974. It does not need to be backported.
2025-08-07 15:47:01 +02:00 · 2023-01-02 15:01:16 +01:00 · 2023-01-02 15:01:16 +01:00 · c389b04bc5
commit c389b04bc5
parent c57fb3be75
1 changed files with 4 additions and 2 deletions
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@ -640,8 +640,6 @@ int ssl_ocsp_create_request_details(const OCSP_CERTID *certid, struct buffer *re
 		goto end;
 	}

-	errcode = 0;
-
 	/* HTTP based OCSP requests can use either the GET or the POST method to
 	 * submit their requests. To enable HTTP caching, small requests (that
 	 * after encoding are less than 255 bytes), MAY be submitted using GET.
@ -660,6 +658,7 @@ int ssl_ocsp_create_request_details(const OCSP_CERTID *certid, struct buffer *re

 		if (base64_ret < 0) {
 			memprintf(err, "%sa2base64() error\n", *err ? *err : "");
+			goto end;
 		}

 		b64buf->data = base64_ret;
@ -668,12 +667,15 @@ int ssl_ocsp_create_request_details(const OCSP_CERTID *certid, struct buffer *re
 		                   query_encode_map, b64buf);
 		if (ret && *ret == '\0') {
 			req_url->data = ret - b_orig(req_url);
+			errcode = 0;
 		}
 	}
 	else {
 		chunk_cpy(req_body, bin_request);
+		errcode = 0;
 	}

+
 end:
 	OCSP_REQUEST_free(ocsp);