BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print

When calling ssl_ocsp_response_print which is used to display an OCSP
response's details when calling the "show ssl ocsp-response" on the CLI,
we use the BIO_read function that copies an OpenSSL BIO into a trash.
The return value was not checked though, which could lead to some
crashes since BIO_read can return a negative value in case of error.

This patch should be backported to 2.5.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 4d2fcc392f36100bffd13b5e2bcfa4da13d3ff4f..460eb6019e6b2f48b0bffb6ea61391e2dbefcfe3 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -7593,6 +7593,8 @@ int ssl_ocsp_response_print(struct buffer *ocsp_response, struct buffer *out)
                static struct ist double_lf = IST("\n\n");
 
                write = BIO_read(bio, trash->area, trash->size - 1);
+               if (write <= 0)
+                       goto end;
                trash->data = write;
 
                /* Look for empty lines in the 'trash' buffer and add a space to