]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-(
authorWilly Tarreau <w@1wt.eu>
Mon, 9 May 2022 19:14:04 +0000 (21:14 +0200)
committerWilly Tarreau <w@1wt.eu>
Mon, 9 May 2022 19:16:13 +0000 (21:16 +0200)
... or how a bogus warning forces you to do tricky changes in your code
and fail on a length test condition! Fortunately it changed in the right
direction that immediately broke, due to a missing "> sizeof(path)" that
had to be added to the already ugly condition.

This fixes recent commit 393e42ae5 ("BUILD: ssl: work around bogus warning
in gcc 12's -Wformat-truncation"). It may have to be backported if that
one is backported.

src/ssl_crtlist.c

index f43982f4db598a2ac144a02ee18e1797375c93f8..56d2bc4c9b9877ba02abf3a501027582958c039c 100644 (file)
@@ -537,7 +537,7 @@ int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *cu
 
                if (*crt_path != '/' && global_ssl.crt_base) {
                        if ((strlen(global_ssl.crt_base) + 1 + strlen(crt_path)) > sizeof(path) ||
-                           snprintf(path, sizeof(path), "%s/%s",  global_ssl.crt_base, crt_path)) {
+                           snprintf(path, sizeof(path), "%s/%s",  global_ssl.crt_base, crt_path) > sizeof(path)) {
                                memprintf(err, "parsing [%s:%d]: '%s' : path too long",
                                          file, linenum, crt_path);
                                cfgerr |= ERR_ALERT | ERR_FATAL;