upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-13 15:54:08 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print

Browse source 
When calling ssl_ocsp_response_print which is used to display an OCSP
response's details when calling the "show ssl ocsp-response" on the CLI,
we use the BIO_read function that copies an OpenSSL BIO into a trash.
The return value was not checked though, which could lead to some
crashes since BIO_read can return a negative value in case of error.

This patch should be backported to 2.5.
This commit is contained in:
Remi Tricot-Le Breton 2022-02-16 15:17:09 +01:00 committed by William Lallemand
parent 8081b67699
commit 1b01b7f2ef
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/ssl_sock.c
View file

@ -7593,6 +7593,8 @@ int ssl_ocsp_response_print(struct buffer *ocsp_response, struct buffer *out)
static struct ist double_lf = IST("\n\n");
write = BIO_read(bio, trash->area, trash->size - 1);
if (write <= 0)
goto end;
trash->data = write;
/* Look for empty lines in the 'trash' buffer and add a space to