git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Frederic Lecaille <flecaille@haproxy.com>
	Thu, 12 Jun 2025 09:17:18 +0000 (11:17 +0200)
committer	Frederic Lecaille <flecaille@haproxy.com>
	Thu, 12 Jun 2025 09:45:21 +0000 (11:45 +0200)
commit	5a0ae9e9be743fc6e3d2a631f483f320d3a84636
tree	7a6416702841997782921fa77cb0416cc525e96e	tree
parent	869fb457ed4aca542df68b58ab7d6914732f6ab5	commit \| diff

MINOR: quic-be: Avoid SSL context unreachable code without USE_QUIC_OPENSSL_COMPAT

This commit added a "err" C label reachable only with USE_QUIC_OPENSSL_COMPAT:

   MINOR: quic-be: Missing callbacks initializations (USE_QUIC_OPENSSL_COMPAT)

leading coverity to warn this:

*** CID 1611481:         Control flow issues  (UNREACHABLE)
/src/quic_ssl.c: 802             in ssl_quic_srv_new_ssl_ctx()
796      goto err;
797     #endif
798
799      leave:
800      TRACE_LEAVE(QUIC_EV_CONN_NEW);
801      return ctx;
>>>     CID 1611481:         Control flow issues  (UNREACHABLE)
>>>     This code cannot be reached: "err:
SSL_CTX_free(ctx);".
802      err:
803      SSL_CTX_free(ctx);
804      ctx = NULL;
805      TRACE_DEVEL("leaving on error", QUIC_EV_CONN_NEW);
806      goto leave;
807     }

The less intrusive (without #ifdef) way to fix this it to add a "goto err"
statement from the code part which is reachable without USE_QUIC_OPENSSL_COMPAT.

Thank you to @chipitsine for having reported this issue in GH #3003.