From: William Lallemand <wlallemand@haproxy.com>
Date: Tue, 7 Jul 2020 08:48:13 +0000 (+0200)
Subject: BUG/MINOR: ssl: check conn in keylog sample fetch
X-Git-Tag: v2.2.0~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eec1d45f9dd352c230ba043d840ca4c39149f357;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: check conn in keylog sample fetch

Add a check on the conn pointer to avoid a NULL dereference in
smp_fetch_ssl_x_keylog().

The problem is not suppose to happen because the function is only used
for the frontend at the moment.

Introduced by 7d42ef5, 2.2 only.

Fix issue #733.
---

diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 843554ceb7..e53c08847f 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -1121,6 +1121,9 @@ static int smp_fetch_ssl_x_keylog(const struct arg *args, struct sample *smp, co
 	conn = (kw[4] != 'b') ? objt_conn(smp->sess->origin) :
 	       smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
 
+	if (!conn)
+		return 0;
+
 	if (conn->flags & CO_FL_WAIT_XPRT) {
 		smp->flags |= SMP_F_MAY_CHANGE;
 		return 0;