From: Amaury Denoyelle
Date: Mon, 17 Oct 2022 16:46:49 +0000 (+0200)
Subject: BUILD: ssl_sock: fix null dereference for QUIC build
X-Git-Tag: v2.7-dev9~165
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ba303deadc3249e6df111c70eab23007244ed0bb;p=thirdparty%2Fhaproxy.git

BUILD: ssl_sock: fix null dereference for QUIC build

A previous commit tries to fix an uninitialized GCC warning on ssl code for the QUIC build. See the fix here:

  48e46f98ccf97427995eb41c6f28cc38705bdd7e
  BUILD: ssl_sock: bind_conf uninitialized in ssl_sock_bind_verifycbk()

However, this is incomplete as it still reports a possible NULL dereference on the ctx variable (GCC v12.2.0). Here is the compilation result:

  src/ssl_sock.c: In function ‘ssl_sock_bind_verifycbk’:
  src/ssl_sock.c:1739:12: error: potential null pointer dereference [-Werror=null-dereference]
   1739 |   ctx->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
        |

To fix this, remove the check on qc, which can also never happen, and replace it with a BUG_ON. This seems to satisfy GCC on my machine.

This must be backported up to 2.6.
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c index fbf4ee6a35..4a16f6f0cc 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1727,10 +1727,9 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store) #ifdef USE_QUIC else { qc = SSL_get_ex_data(ssl, ssl_qc_app_data_index); - if (qc) { - bind_conf = qc->li->bind_conf; - ctx = qc->xprt_ctx; - } + BUG_ON(!qc); /* Must never happen */ + bind_conf = qc->li->bind_conf; + ctx = qc->xprt_ctx; } #endif
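Review bot: The hunk turns a guarded path into an unconditional dereference: after `BUG_ON(!qc);` the lines `bind_conf = qc->li->bind_conf;` and `ctx = qc->xprt_ctx;` now run for every SSL object that reaches the `#ifdef USE_QUIC` branch, so the patch is only safe if the invariant in the comment ("Must never happen") really holds for every caller of ssl_sock_bind_verifycbk() and if BUG_ON aborts in every shipped build configuration rather than compiling to a no-op; please confirm both, since a missing ex_data entry would otherwise become a NULL read of `qc->li` rather than the skipped assignment the removed `if (qc)` provided. It would also help to state in the commit message why qc cannot be NULL here (which code path attaches ssl_qc_app_data_index before the verify callback can run), so the invariant is documented for the 2.6 backport.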