MINOR: ssl: fix possible null dereference in error handling

recent commit 8b453912ce9a ("MINOR: ssl: ssl_sock_prepare_ctx() return an error code")
converted all errors handling; in this patch we always test `err`, but
three of them are missing. I did not found a plausible explanation about
it.

this should fix issue #374

Fixes: 8b453912ce9a ("MINOR: ssl: ssl_sock_prepare_ctx() return an error code")
Reported-by: Илья Шипицин <chipitsine@gmail.com>
Signed-off-by: William Dauchy <w.dauchy@criteo.com>

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6513760ace04f164f83a41a12eaeafb69bdd0ed3..bcfa3e712a5f4c59caed037fd56341339e18bbaf 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4934,8 +4934,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
        conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
        if (conf_ciphersuites &&
            !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
-               memprintf(err, "%sProxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
-                         *err ? *err : "", curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
+               if (err)
+                       memprintf(err, "%sProxy '%s': unable to set TLS 1.3 cipher suites to '%s' for bind '%s' at [%s:%d].\n",
+                                 *err ? *err : "", curproxy->id, conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
                cfgerr |= ERR_ALERT | ERR_FATAL;
        }
 #endif
@@ -5034,8 +5035,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
        conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : bind_conf->ssl_conf.curves;
        if (conf_curves) {
                if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
-                       memprintf(err, "%sProxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
-                                 *err ? *err : "", curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
+                       if (err)
+                               memprintf(err, "%sProxy '%s': unable to set SSL curves list to '%s' for bind '%s' at [%s:%d].\n",
+                                         *err ? *err : "", curproxy->id, conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
                        cfgerr |= ERR_ALERT | ERR_FATAL;
                }
 #if defined(SSL_CTX_set_ecdh_auto)
@@ -5064,8 +5066,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
 
                i = OBJ_sn2nid(ecdhe);
                if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
-                       memprintf(err, "%sProxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
-                                 *err ? *err : "", curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
+                       if (err)
+                               memprintf(err, "%sProxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
+                                         *err ? *err : "", curproxy->id, ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
                        cfgerr |= ERR_ALERT | ERR_FATAL;
                }
                else {