From: Thierry FOURNIER / OZON.IO <thierry.fournier@ozon.io>
Date: Thu, 13 Oct 2016 22:49:21 +0000 (+0200)
Subject: BUILD/CLEANUP: ssl: Check BIO_reset() return code
X-Git-Tag: v1.7-dev5~15
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d44ea3f77cee3c7edc5f7bfb065326dc031d5ed6;p=thirdparty%2Fhaproxy.git

BUILD/CLEANUP: ssl: Check BIO_reset() return code

The BIO_reset function can fails, and the error is not processed.
This patch just take in account the return code of the BIO_reset()
function.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f00b358b86..4b1e8856f2 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1830,7 +1830,11 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_an
 	}
 
 	/* Seek back to beginning of file */
-	BIO_reset(in);
+	if (BIO_reset(in) == -1) {
+		memprintf(err, "%san error occurred while reading the file '%s'.\n",
+		          err && *err ? *err : "", path);
+		goto end;
+	}
 
 	/* Read Certificate */
 	ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);