From 6f4ca37880757032baee7e6790a1b173f7708b05 Mon Sep 17 00:00:00 2001 From: Remi Tricot-Le Breton Date: Fri, 10 Oct 2025 14:16:31 +0200 Subject: [PATCH] BUG/MINOR: ssl: Potential NULL deref in trace macro 'ctx' might be NULL when we exit 'ssl_sock_handshake', it can't be dereferenced without check in the trace macro. This was found by Coverity andraised in GitHub #3113. This patch should be backported up to 3.2 --- src/ssl_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 13339fa1b..1d40c1105 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -5943,7 +5943,7 @@ reneg_ok: if (!conn->err_code) conn->err_code = CO_ER_SSL_HANDSHAKE; - TRACE_ERROR("handshake error", SSL_EV_CONN_HNDSHK|SSL_EV_CONN_ERR, conn, ctx->ssl, &conn->err_code, (ctx ? &ctx->error_code : NULL)); + TRACE_ERROR("handshake error", SSL_EV_CONN_HNDSHK|SSL_EV_CONN_ERR, conn, (ctx ? ctx->ssl : NULL), &conn->err_code, (ctx ? &ctx->error_code : NULL)); return 0; } -- 2.47.3