From 19afb274ad43dbd923470a4d38660ab91e7faaf9 Mon Sep 17 00:00:00 2001
From: Olivier Houchard <ohouchard@haproxy.com>
Date: Thu, 23 May 2019 18:24:07 +0200
Subject: [PATCH] MINOR: ssl: Make sure the underlying xprt's init method
 doesn't fail.

In ssl_sock_init(), when initting the underlying xprt, check the return value,
and give up if it fails.
---
 src/ssl_sock.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6f62375ac..5393756c2 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5118,8 +5118,12 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
 	 * add QUIC support.
 	 */
 	ctx->xprt = xprt_get(XPRT_RAW);
-	if (ctx->xprt->init)
-		ctx->xprt->init(conn, &ctx->xprt_ctx);
+	if (ctx->xprt->init) {
+		if (ctx->xprt->init(conn, &ctx->xprt_ctx) != 0) {
+			pool_free(ssl_sock_ctx_pool, ctx);
+			return -1;
+		}
+	}
 
 	if (global.maxsslconn && sslconns >= global.maxsslconn) {
 		conn->err_code = CO_ER_SSL_TOO_MANY;
-- 
2.47.3