BUG/MINOR: ssl-sample: Fix sample_conv_sha2() by checking EVP_Digest* failures

In sample_conv_sha2(), calls to EVP_Digest* can fail. So we must check
return value of each call and report a error on failure and release the
digest context.

This patch should fix the issue #3274. It should be backported as far as
2.6.

diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index 5a3783a73e17d48936afa85b84e04f69878a32d6..b2740f309feeb07c5bffd6e4e5d21efffde682b8 100644 (file)
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -147,9 +147,14 @@ static int sample_conv_sha2(const struct arg *arg_p, struct sample *smp, void *p
        mdctx = EVP_MD_CTX_new();
        if (!mdctx)
                return 0;
-       EVP_DigestInit_ex(mdctx, evp, NULL);
-       EVP_DigestUpdate(mdctx, smp->data.u.str.area, smp->data.u.str.data);
-       EVP_DigestFinal_ex(mdctx, (unsigned char*)trash->area, &digest_length);
+
+       if (!EVP_DigestInit_ex(mdctx, evp, NULL) ||
+           !EVP_DigestUpdate(mdctx, smp->data.u.str.area, smp->data.u.str.data) ||
+           !EVP_DigestFinal_ex(mdctx, (unsigned char*)trash->area, &digest_length)) {
+               EVP_MD_CTX_free(mdctx);
+               return 0;
+       }
+
        trash->data = digest_length;
 
        EVP_MD_CTX_free(mdctx);