From: Remi Tricot-Le Breton <rlebreton@haproxy.com>
Date: Wed, 16 Feb 2022 14:17:09 +0000 (+0100)
Subject: BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
X-Git-Tag: v2.6-dev2~110
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1b01b7f2eff33ca9bd1da9fa628fd07a48c5a7cc;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print

When calling ssl_ocsp_response_print which is used to display an OCSP
response's details when calling the "show ssl ocsp-response" on the CLI,
we use the BIO_read function that copies an OpenSSL BIO into a trash.
The return value was not checked though, which could lead to some
crashes since BIO_read can return a negative value in case of error.

This patch should be backported to 2.5.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 4d2fcc392f..460eb6019e 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -7593,6 +7593,8 @@ int ssl_ocsp_response_print(struct buffer *ocsp_response, struct buffer *out)
 		static struct ist double_lf = IST("\n\n");
 
 		write = BIO_read(bio, trash->area, trash->size - 1);
+		if (write <= 0)
+			goto end;
 		trash->data = write;
 
 		/* Look for empty lines in the 'trash' buffer and add a space to