Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

src/ssl_ckch.c: null pointer dereference suspected by coverity #2572

Closed
chipitsine opened this issue May 18, 2024 · 1 comment
Closed

src/ssl_ckch.c: null pointer dereference suspected by coverity #2572

chipitsine opened this issue May 18, 2024 · 1 comment
Labels
status: fixed This issue is a now-fixed bug. type: code-report This issue describes a code report (like valgrind or coverity)

Comments

@chipitsine
Copy link
Member

Tool Name and Version

coverity

Code Report

** CID 1545821:    (REVERSE_INULL)
/src/ssl_ckch.c: 4220 in ckch_conf_cmp()
/src/ssl_ckch.c: 4200 in ckch_conf_cmp()


________________________________________________________________________________________________________
*** CID 1545821:    (REVERSE_INULL)
/src/ssl_ckch.c: 4220 in ckch_conf_cmp()
4214                    /* special case for ocsp-update and default */
4215                    if (strcmp(ckch_conf_kws[i].name, "ocsp-update") == 0) {
4216                            int o1, o2; /* ocsp-update from the configuration */
4217                            int q1, q2; /* final ocsp-update value (from default) */
4218     
4219     
>>>     CID 1545821:    (REVERSE_INULL)
>>>     Null-checking "prev" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
4220                            o1 = prev ? *(int *)((intptr_t)prev + (ptrdiff_t)ckch_conf_kws[i].offset) : 0;
4221                            o2 = new ? *(int *)((intptr_t)new + (ptrdiff_t)ckch_conf_kws[i].offset) : 0;
4222     
4223                            q1 = (o1 == SSL_SOCK_OCSP_UPDATE_DFLT) ? global_ssl.ocsp_update.mode : o1;
4224                            q2 = (o2 == SSL_SOCK_OCSP_UPDATE_DFLT) ? global_ssl.ocsp_update.mode : o2;
4225     
/src/ssl_ckch.c: 4200 in ckch_conf_cmp()
4194                    if (strcmp(ckch_conf_kws[i].name, "crt") == 0)
4195                            continue;
4196     
4197                    switch (ckch_conf_kws[i].type) {
4198                            case PARSE_TYPE_STR: {
4199                                    char *avail1, *avail2;
>>>     CID 1545821:    (REVERSE_INULL)
>>>     Null-checking "prev" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
4200                                    avail1 = prev ? *(char **)((intptr_t)prev + (ptrdiff_t)ckch_conf_kws[i].offset) : NULL;
4201                                    avail2 = new ? *(char **)((intptr_t)new + (ptrdiff_t)ckch_conf_kws[i].offset) : NULL;
4202     
4203                                    /* must alert when strcmp is wrong, or when one of the field is NULL */
4204                                    if (((avail1 && avail2) && strcmp(avail1, avail2) != 0) || (!!avail1 ^ !!avail2)) {
4205                                            memprintf(err, "%s- different parameter '%s' : previously '%s' vs '%s'\n", *err ? *err : "", ckch_conf_kws[i].name, avail1, avail2);

Additional Information

No response

Output of haproxy -vv

no
@chipitsine chipitsine added the type: code-report This issue describes a code report (like valgrind or coverity) label May 18, 2024
haproxy-mirror pushed a commit that referenced this issue May 21, 2024
@wlallemand
MINOR: ssl: check parameter in ckch_conf_cmp()
d74ba7c 
Check prev and new parameters in ckch_conf_cmp() so we don't dereference
a NULL ptr. There is no risk since it's not used with a NULL ptr yet.

Also remove the check that are done later, and do it at the beginning of
the function.

Should fix issue #2572.
@wlallemand wlallemand added the status: fixed This issue is a now-fixed bug. label May 21, 2024
@wlallemand
Copy link
Member

Thanks, fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: fixed This issue is a now-fixed bug. type: code-report This issue describes a code report (like valgrind or coverity)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wlallemand @chipitsine