From c389b04bc57bb39da0269e4b5a4d639c8251b99f Mon Sep 17 00:00:00 2001 From: Remi Tricot-Le Breton Date: Mon, 2 Jan 2023 15:01:16 +0100 Subject: [PATCH] BUG/MINOR: ssl: Missing goto in error path in ocsp update code When converting an OCSP request's information into base64, the return value of a2base64 is checked but processing is not interrupted when it returns a negative value, which was caught by coverity. This patch fixes GitHub issue #1974. It does not need to be backported. --- src/ssl_ocsp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ssl_ocsp.c b/src/ssl_ocsp.c index 220776de42..4a8a33bece 100644 --- a/src/ssl_ocsp.c +++ b/src/ssl_ocsp.c @@ -640,8 +640,6 @@ int ssl_ocsp_create_request_details(const OCSP_CERTID *certid, struct buffer *re goto end; } - errcode = 0; - /* HTTP based OCSP requests can use either the GET or the POST method to * submit their requests. To enable HTTP caching, small requests (that * after encoding are less than 255 bytes), MAY be submitted using GET. @@ -660,6 +658,7 @@ int ssl_ocsp_create_request_details(const OCSP_CERTID *certid, struct buffer *re if (base64_ret < 0) { memprintf(err, "%sa2base64() error\n", *err ? *err : ""); + goto end; } b64buf->data = base64_ret; @@ -668,12 +667,15 @@ int ssl_ocsp_create_request_details(const OCSP_CERTID *certid, struct buffer *re query_encode_map, b64buf); if (ret && *ret == '\0') { req_url->data = ret - b_orig(req_url); + errcode = 0; } } else { chunk_cpy(req_body, bin_request); + errcode = 0; } + end: OCSP_REQUEST_free(ocsp); -- 2.47.2
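Review bot: In the last hunk the POST branch sets `errcode = 0` right after `chunk_cpy(req_body, bin_request)` without checking the copy's result, so the function can report success with a request body that was never filled in. As far as I recall, chunk_cpy returns 0 when the source does not fit in the destination; its definition is not on this page, so confirm. If so, the two lines should become `if (chunk_cpy(req_body, bin_request)) errcode = 0;`, with a `memprintf(err, ...)` on the failure side as in the a2base64 path. In the same hunk the GET branch now leaves errcode set when encode_chunk fails, but it writes nothing to `err`, so the caller gets a failure with no message; an `else` with `memprintf(err, "%sencode_chunk() error\n", *err ? *err : "");` would match the branch above. ssl_ocsp_create_request_details starts and ends outside these hunks, so errcode's initial non-zero value is assumed rather than visible.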