From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Mon, 24 Jan 2022 10:04:05 +0000 (+0100)
Subject: MINOR: ssl: fix build in release mode
X-Git-Tag: v2.6-dev1~91
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7c564bfdd3498982b11669adbc4a99dcc04b5900;p=thirdparty%2Fhaproxy.git

MINOR: ssl: fix build in release mode

Fix potential null pointer dereference. In fact, this case is not
possible, only a mistake in SSL ex-data initialization may cause it :
either connection is set or quic_conn, which allows to retrieve
the bind_conf.

A BUG_ON was already present but this does not cover release build.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 1aa46d74f7..572fa76476 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1537,7 +1537,12 @@ void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
 	else if (qc)
 		ctx = qc->xprt_ctx;
 #endif /* USE_QUIC */
-	BUG_ON(!ctx);
+
+	if (!ctx) {
+		/* must never happen */
+		ABORT_NOW();
+		return;
+	}
 
 #ifndef SSL_OP_NO_RENEGOTIATION
 	/* Please note that BoringSSL defines this macro to zero so don't
@@ -2488,7 +2493,12 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
 	else if (qc)
 		s = qc->li->bind_conf;
 #endif /* USE_QUIC */
-	BUG_ON(!s);
+
+	if (!s) {
+		/* must never happen */
+		ABORT_NOW();
+		return 0;
+	}
 
 #ifdef USE_QUIC
 	if (qc) {