Do not remove errors from the OpenSSL error queue in toresult()
authorMichał Kępień <michal@isc.org>
Tue, 14 Aug 2018 10:49:19 +0000 (12:49 +0200)
committerMichał Kępień <michal@isc.org>
Tue, 14 Aug 2018 10:53:44 +0000 (12:53 +0200)
dst__openssl_toresult3() first calls toresult() and subsequently uses
ERR_get_error_line_data() in a loop.  Given this, it is a mistake to use
ERR_get_error() in toresult() because it causes the retrieved error to
be removed from the OpenSSL error queue, thus preventing it from being
retrieved by the subsequent ERR_get_error_line_data() calls.  Fix by
using ERR_peek_error() instead of ERR_get_error() in toresult().

(cherry picked from commit 36436268b5428c8b9a05524fff8338c409a67824)

lib/dns/openssl_link.c

index 10ce0ba535d22e5aeec76f01eea14748d723fb31..a30a2abb3ac4d5211ab4157ea65ff1507de15ce8 100644 (file)
@@ -359,7 +359,7 @@ dst__openssl_destroy(void) {
 static isc_result_t
 toresult(isc_result_t fallback) {
        isc_result_t result = fallback;
-       unsigned long err = ERR_get_error();
+       unsigned long err = ERR_peek_error();
 #if defined(HAVE_OPENSSL_ECDSA) && \
     defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED)
        int lib = ERR_GET_LIB(err);
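Review bot: With `ERR_peek_error()` on the first line of toresult(), the function no longer consumes anything from the OpenSSL error queue, so each caller now has to drain or clear the queue itself. The description covers dst__openssl_toresult3(), which reads the entries with ERR_get_error_line_data(). Any other caller of toresult() (none is visible in this hunk) should be checked for a following `ERR_clear_error()`, since a stale entry left on the queue could otherwise be attributed to a later, unrelated crypto operation on the same thread. A short comment on the changed line would guard against a well-meant revert, e.g. `/* Peek only: callers still read this entry and then clear the queue. */`. toresult()'s body continues past the end of the hunk.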