You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by bn...@apache.org on 2021/10/27 18:59:56 UTC

[trafficserver] branch master updated: ssl_verify_test: clang-analyzer fix to account for nul sni_name (#8462)

This is an automated email from the ASF dual-hosted git repository.

bnolsen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 9bbed6e  ssl_verify_test: clang-analyzer fix to account for nul sni_name (#8462)
9bbed6e is described below

commit 9bbed6eecd19b242bf40ae73dc993c7ddc6ce089
Author: Brian Olsen <bn...@gmail.com>
AuthorDate: Wed Oct 27 12:59:46 2021 -0600

    ssl_verify_test: clang-analyzer fix to account for nul sni_name (#8462)
---
 tests/tools/plugins/ssl_verify_test.cc | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/tests/tools/plugins/ssl_verify_test.cc b/tests/tools/plugins/ssl_verify_test.cc
index 1cc35ae..2ef3187 100644
--- a/tests/tools/plugins/ssl_verify_test.cc
+++ b/tests/tools/plugins/ssl_verify_test.cc
@@ -46,24 +46,27 @@ CB_server_verify(TSCont cont, TSEvent event, void *edata)
   int count = reinterpret_cast<intptr_t>(TSContDataGet(cont));
 
   // Is this a good name or not?
-  TSEvent reenable_event = TS_EVENT_CONTINUE;
-  TSSslConnection sslobj = TSVConnSslConnectionGet(ssl_vc);
-  SSL *ssl               = reinterpret_cast<SSL *>(sslobj);
-  const char *sni_name   = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+  TSEvent reenable_event       = TS_EVENT_CONTINUE;
+  TSSslConnection const sslobj = TSVConnSslConnectionGet(ssl_vc);
+  SSL const *const ssl         = reinterpret_cast<SSL *>(sslobj);
+  char const *const sni_name   = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
   if (sni_name) {
     std::string sni_string(sni_name);
     if (bad_names.find(sni_string) != bad_names.end()) {
       reenable_event = TS_EVENT_ERROR;
     }
-  }
 
-  TSDebug(PN, "Server verify callback %d %p - event is %s SNI=%s %s", count, ssl_vc,
-          event == TS_EVENT_SSL_VERIFY_SERVER ? "good" : "bad", sni_name,
-          reenable_event == TS_EVENT_ERROR ? "error HS" : "good HS");
+    TSDebug(PN, "Server verify callback %d %p - event is %s SNI=%s %s", count, ssl_vc,
+            event == TS_EVENT_SSL_VERIFY_SERVER ? "good" : "bad", sni_name,
+            reenable_event == TS_EVENT_ERROR ? "error HS" : "good HS");
 
-  int len;
-  const char *method2_name = TSVConnSslSniGet(ssl_vc, &len);
-  TSDebug(PN, "Server verify callback SNI APIs match=%s", 0 == strncmp(method2_name, sni_name, len) ? "true" : "false");
+    int len;
+    char const *const method2_name = TSVConnSslSniGet(ssl_vc, &len);
+    TSDebug(PN, "Server verify callback SNI APIs match=%s", 0 == strncmp(method2_name, sni_name, len) ? "true" : "false");
+  } else {
+    TSDebug(PN, "SSL_get_servername failed");
+    reenable_event = TS_EVENT_ERROR;
+  }
 
   // All done, reactivate things
   TSVConnReenableEx(ssl_vc, reenable_event);