Hi Ilya, On Sat, Sep 15, 2018 at 12:55:07AM +0500, ???? ??????? wrote: > hi, > > please find attached patch > > cheers, > Ilya Shipitsin
> From 7961bb27597cf529a88da475d3928d6223a88753 Mon Sep 17 00:00:00 2001 > From: Ilya Shipitsin <[email protected]> > Date: Sat, 15 Sep 2018 00:50:05 +0500 > Subject: [PATCH] MINOR: src/connection.c: avoid null pointer dereference > > found by coverity > --- > src/connection.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/connection.c b/src/connection.c > index b970d418..1e139ec2 100644 > --- a/src/connection.c > +++ b/src/connection.c > @@ -1191,7 +1191,7 @@ int make_proxy_line_v2(char *buf, int buf_len, struct > server *srv, struct connec > ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_CRC32C, > sizeof(zero_crc32c), (const char *)&zero_crc32c); > } > > - if (conn_get_alpn(remote, &value, &value_len)) { > + if (remote && conn_get_alpn(remote, &value, &value_len)) { > if ((buf_len - ret) < sizeof(struct tlv)) > return 0; > ret += make_tlv(&buf[ret], (buf_len - ret), PP2_TYPE_ALPN, > value_len, value); This one indeed looks valid. I looked at the other places there where the remote connection is used and they're protected by ssl_sock_is_ssl(). I think it's needed to add some comments above the function about the fact that remote can be null in case of a check or an applet. I'll retag the fix "BUG" as I'm pretty sure it could cause a crash with the approppriate configuration. Thanks, Willy
