From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Wed, 10 Sep 2025 08:13:22 +0000 (+0200)
Subject: BUG/MINOR: ssl: Potential NULL deref in trace macro
X-Git-Tag: v3.3-dev9~141
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a316342ec68be63c784b0efcd7f4b876dbdc432d;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: Potential NULL deref in trace macro

'ctx' might be NULL when we exit 'ssl_sock_handshake', it can't be
dereferenced without check in the trace macro.

This was found by Coverity andraised in GitHub #3113.
This patch should be backported up to 3.2.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b973a3967..c6bfcf5e3 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5909,7 +5909,7 @@ reneg_ok:
 	if (!conn->err_code)
 		conn->err_code = CO_ER_SSL_HANDSHAKE;
 
-	TRACE_ERROR("handshake error", SSL_EV_CONN_HNDSHK|SSL_EV_CONN_ERR, conn, ctx->ssl, &conn->err_code, &ctx->error_code);
+	TRACE_ERROR("handshake error", SSL_EV_CONN_HNDSHK|SSL_EV_CONN_ERR, conn, ctx->ssl, &conn->err_code, (ctx ? &ctx->error_code : NULL));
 	return 0;
 }