From: William Lallemand <wlallemand@haproxy.com>
Date: Fri, 20 Mar 2020 09:04:34 +0000 (+0100)
Subject: BUG/MINOR: ssl: crtlist_dup_filters() must return NULL with fcount == 0
X-Git-Tag: v2.2-dev5~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3c516fc989b32a4ef764e595b5453646fa8521b1;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: crtlist_dup_filters() must return NULL with fcount == 0

crtlist_dup_filters() must return a NULL ptr if the fcount number is 0.

This bug was introduced by 2954c47 ("MEDIUM: ssl: allow crt-list caching").
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ea513b2f39..e5cee539c6 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4656,6 +4656,9 @@ static char **crtlist_dup_filters(char **args, int fcount)
 	char **dst;
 	int i;
 
+	if (fcount == 0)
+		return NULL;
+
 	dst = calloc(fcount + 1, sizeof(*dst));
 	if (!dst)
 		return NULL;