From: Olivier Houchard <ohouchard@haproxy.com>
Date: Thu, 23 May 2019 16:24:07 +0000 (+0200)
Subject: MINOR: ssl: Make sure the underlying xprt's init method doesn't fail.
X-Git-Tag: v2.0-dev5~22
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=19afb274ad43dbd923470a4d38660ab91e7faaf9;p=thirdparty%2Fhaproxy.git

MINOR: ssl: Make sure the underlying xprt's init method doesn't fail.

In ssl_sock_init(), when initting the underlying xprt, check the return value,
and give up if it fails.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6f62375ac4..5393756c2b 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5118,8 +5118,12 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
 	 * add QUIC support.
 	 */
 	ctx->xprt = xprt_get(XPRT_RAW);
-	if (ctx->xprt->init)
-		ctx->xprt->init(conn, &ctx->xprt_ctx);
+	if (ctx->xprt->init) {
+		if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0) {
+			pool_free(ssl_sock_ctx_pool, ctx);
+			return -1;
+		}
+	}
 
 	if (global.maxsslconn && sslconns >= global.maxsslconn) {
 		conn->err_code = CO_ER_SSL_TOO_MANY;