BUG/MINOR: ssl: returns when SSL_CTX_new failed during init
authorWilliam Lallemand <wlallemand@haproxy.com>
Wed, 22 Oct 2025 15:56:45 +0000 (17:56 +0200)
committerWilliam Lallemand <wlallemand@haproxy.com>
Thu, 30 Oct 2025 09:36:56 +0000 (10:36 +0100)
In ssl_sock_initial_ctx(), return when SSL_CTX_new() fails instead of
trying to apply anything to the ctx. This avoids a NULL dereference (and
crash) when memory runs out during configuration parsing.

Could be backported in every haproxy versions

src/ssl_sock.c

index 437b28cc46de7bf120ef1fa4e74c25db84e546ec..14b817980f592f42386d26d54e3923b768fe1783 100644 (file)
@@ -3942,6 +3942,13 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
        const int default_min_ver = CONF_TLSV12;
 
        ctx = SSL_CTX_new(SSLv23_server_method());
+       if (!ctx) {
+               cfgerr += 1;
+               ha_alert("Proxy '%s': failed to create an SSL context for bind '%s' at [%s:%d].\n",
+                        bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
+               goto end;
+       }
+
        bind_conf->initial_ctx = ctx;
 
        if (global_ssl.security_level > -1)
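Review bot: The alert on the new error path says only that SSL_CTX_new() failed and drops the OpenSSL reason, so an operator cannot tell an out-of-memory condition from a method or provider problem (for instance a build where SSLv23_server_method() is unavailable). Appending the library error to the message would make the failure actionable, e.g. `ha_alert("Proxy '%s': failed to create an SSL context for bind '%s' at [%s:%d]: %s.\n", bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line, ERR_error_string(ERR_get_error(), NULL));` — pulling the entry with ERR_get_error() also drains what SSL_CTX_new() may have left on the error queue, which could otherwise be attributed to a later unrelated SSL call. ERR_error_string() with a NULL buffer uses a static buffer, which is acceptable here only because this runs at configuration-parsing time before threads start; use ERR_error_string_n() with a local buffer if that assumption does not hold. Note that bind_conf->initial_ctx stays NULL on this path, so callers presumably must act on the non-zero cfgerr rather than on initial_ctx; the remainder of ssl_sock_initial_ctx's body and its callers are outside this hunk.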
@@ -4067,6 +4074,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
 # endif
        SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
 #endif /* ! SSL_CTRL_SET_TLSEXT_HOSTNAME */
+end:
        return cfgerr;
 }