From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Tue, 1 Jun 2021 09:54:23 +0000 (+0200)
Subject: MINOR: ssl: check allocation in parse npn/sni
X-Git-Tag: v2.5-dev1~76
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1f9333b30eec8535e8f15eb32cc25306fa036b75;p=thirdparty%2Fhaproxy.git

MINOR: ssl: check allocation in parse npn/sni

These checks are especially required now as this function will be used
at runtime for dynamic servers.
---

diff --git a/src/cfgparse-ssl.c b/src/cfgparse-ssl.c
index 2adb92e85d..11af3aac43 100644
--- a/src/cfgparse-ssl.c
+++ b/src/cfgparse-ssl.c
@@ -1270,6 +1270,11 @@ static int srv_parse_npn(char **args, int *cur_arg, struct proxy *px, struct ser
 	 */
 	newsrv->ssl_ctx.npn_len = strlen(args[*cur_arg + 1]) + 1;
 	newsrv->ssl_ctx.npn_str = calloc(1, newsrv->ssl_ctx.npn_len + 1);
+	if (!newsrv->ssl_ctx.npn_str) {
+		memprintf(err, "out of memory");
+		return ERR_ALERT | ERR_FATAL;
+	}
+
 	memcpy(newsrv->ssl_ctx.npn_str + 1, args[*cur_arg + 1],
 	    newsrv->ssl_ctx.npn_len);
 
@@ -1590,6 +1595,10 @@ static int srv_parse_sni(char **args, int *cur_arg, struct proxy *px, struct ser
 
 	free(newsrv->sni_expr);
 	newsrv->sni_expr = strdup(arg);
+	if (!newsrv->sni_expr) {
+		memprintf(err, "out of memory");
+		return ERR_ALERT | ERR_FATAL;
+	}
 
 	return 0;
 #endif