BUG/MINOR: ssl: Missing goto in error path in ocsp update code

When converting an OCSP request's information into base64, the return
value of a2base64 is checked but processing is not interrupted when it
returns a negative value, which was caught by coverity.

This patch fixes GitHub issue #1974.
It does not need to be backported.

diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c
index 220776de4285da751a53a1ec8b36829b67034e1c..4a8a33bece34c32a5cf1742f6662c268d2db5038 100644 (file)
--- a/src/ssl_ocsp.c
+++ b/src/ssl_ocsp.c
@@ -640,8 +640,6 @@ int ssl_ocsp_create_request_details(const OCSP_CERTID *certid, struct buffer *re
                goto end;
        }
 
-       errcode = 0;
-
        /* HTTP based OCSP requests can use either the GET or the POST method to
         * submit their requests. To enable HTTP caching, small requests (that
         * after encoding are less than 255 bytes), MAY be submitted using GET.
@@ -660,6 +658,7 @@ int ssl_ocsp_create_request_details(const OCSP_CERTID *certid, struct buffer *re
 
                if (base64_ret < 0) {
                        memprintf(err, "%sa2base64() error\n", *err ? *err : "");
+                       goto end;
                }
 
                b64buf->data = base64_ret;
@@ -668,12 +667,15 @@ int ssl_ocsp_create_request_details(const OCSP_CERTID *certid, struct buffer *re
                                   query_encode_map, b64buf);
                if (ret && *ret == '\0') {
                        req_url->data = ret - b_orig(req_url);
+                       errcode = 0;
                }
        }
        else {
                chunk_cpy(req_body, bin_request);
+               errcode = 0;
        }
 
+
 end:
        OCSP_REQUEST_free(ocsp);