Emeric reported that he can't build haproxy anymore since
9bc6a034
("BUG/MINOR: ssl: Free global_ssl structure contents during deinit").
src/ssl_sock.c:7020:40: error: comparison with string literal results in unspecified behavior [-Werror=address]
7020 | if (global_ssl.listen_default_ciphers != LISTEN_DEFAULT_CIPHERS)
| ^~
src/ssl_sock.c:7023:41: error: comparison with string literal results in unspecified behavior [-Werror=address]
7023 | if (global_ssl.connect_default_ciphers != CONNECT_DEFAULT_CIPHERS)
| ^~
src/ssl_sock.c: At top level:
Indeed the mentionned patch is checking the pointer in order to free
something freeable, but that can't work because these constant are
strings literal which can be passed from the compiler and not pointers.
Also the test is not useful, because these strings are strdup() in
__ssl_sock_init, so they can be free directly.
Must be backported in every stable branches with
9bc6a034.
ha_free(&global_ssl.issuers_chain_path);
- if (global_ssl.listen_default_ciphers != LISTEN_DEFAULT_CIPHERS)
- ha_free(&global_ssl.listen_default_ciphers);
-
- if (global_ssl.connect_default_ciphers != CONNECT_DEFAULT_CIPHERS)
- ha_free(&global_ssl.connect_default_ciphers);
+ ha_free(&global_ssl.listen_default_ciphers);
+ ha_free(&global_ssl.connect_default_ciphers);
#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
- if (global_ssl.listen_default_ciphersuites != LISTEN_DEFAULT_CIPHERSUITES)
- ha_free(&global_ssl.listen_default_ciphersuites);
-
- if (global_ssl.connect_default_ciphersuites != CONNECT_DEFAULT_CIPHERSUITES)
- ha_free(&global_ssl.connect_default_ciphersuites);
+ ha_free(&global_ssl.listen_default_ciphersuites);
+ ha_free(&global_ssl.connect_default_ciphersuites);
#endif
#if defined(SSL_CTX_set1_curves_list)
projects / thirdparty / haproxy.git / commitdiff
