From ce7a5e0967b09c8ac9b0078cc647ee0074be34f1 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 12 Apr 2022 07:40:42 +0200 Subject: [PATCH] MINOR: ssl: refine the error testing for fc_err and fc_err_str In issue #1645, coverity suspects some dead code due to a pair of remaining tests on "if (!ctx)". While all other functions test the context earlier, these ones used to only test the connection and the transport. It's still not very clear to me if there are certain error cases that can lead to no SSL being initially set while the rest is ready, and the SSL arriving later, but better preserve this original construct by testing first the connection and only later the context. --- src/ssl_sample.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ssl_sample.c b/src/ssl_sample.c index fe2817bae..437952619 100644 --- a/src/ssl_sample.c +++ b/src/ssl_sample.c @@ -1655,8 +1655,7 @@ smp_fetch_ssl_fc_err(const struct arg *args, struct sample *smp, const char *kw, conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) : smp->strm ? cs_conn(smp->strm->csb) : NULL; - ctx = conn_get_ssl_sock_ctx(conn); - if (!ctx) + if (!conn) return 0; if (conn->flags & CO_FL_WAIT_XPRT && !conn->err_code) { @@ -1664,6 +1663,7 @@ smp_fetch_ssl_fc_err(const struct arg *args, struct sample *smp, const char *kw, return 0; } + ctx = conn_get_ssl_sock_ctx(conn); if (!ctx) return 0; @@ -1708,8 +1708,7 @@ smp_fetch_ssl_fc_err_str(const struct arg *args, struct sample *smp, const char conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) : smp->strm ? cs_conn(smp->strm->csb) : NULL; - ctx = conn_get_ssl_sock_ctx(conn); - if (!ctx) + if (!conn) return 0; if (conn->flags & CO_FL_WAIT_XPRT && !conn->err_code) { @@ -1717,6 +1716,7 @@ smp_fetch_ssl_fc_err_str(const struct arg *args, struct sample *smp, const char return 0; } + ctx = conn_get_ssl_sock_ctx(conn); if (!ctx || !ctx->error_code) return 0;