From: Willy Tarreau <w@1wt.eu>
Date: Mon, 11 Apr 2022 17:47:31 +0000 (+0200)
Subject: BUILD: ssl: fix build warning with previous changes to ssl_sock_ctx
X-Git-Tag: v2.6-dev6~124
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=99ade09cbfc67697fca0b2560f174c5c9385063f;p=thirdparty%2Fhaproxy.git

BUILD: ssl: fix build warning with previous changes to ssl_sock_ctx

Some compilers see a possible null deref after conn_get_ssl_sock_ctx()
in ssl_sock_parse_heartbeat, which cannot happen there, so let's mark
it as safe. No backport needed.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 26940dbb95..a681e253dc 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1713,6 +1713,7 @@ static void ssl_sock_parse_heartbeat(struct connection *conn, int write_p, int v
 		const unsigned char *p = buf;
 		unsigned int payload;
 
+		ALREADY_CHECKED(ctx);
 		ctx->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
 
 		/* Check if this is a CVE-2014-0160 exploitation attempt. */