From fe20f8fe25ef06646f4b68b5565ce35f209b59ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Tue, 14 Aug 2018 12:49:19 +0200 Subject: [PATCH] Do not remove errors from the OpenSSL error queue in toresult() dst__openssl_toresult3() first calls toresult() and subsequently uses ERR_get_error_line_data() in a loop. Given this, it is a mistake to use ERR_get_error() in toresult() because it causes the retrieved error to be removed from the OpenSSL error queue, thus preventing it from being retrieved by the subsequent ERR_get_error_line_data() calls. Fix by using ERR_peek_error() instead of ERR_get_error() in toresult(). --- lib/dns/openssl_link.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c index 8d49899ef7..d24b4f438c 100644 --- a/lib/dns/openssl_link.c +++ b/lib/dns/openssl_link.c @@ -270,7 +270,7 @@ dst__openssl_destroy(void) { static isc_result_t toresult(isc_result_t fallback) { isc_result_t result = fallback; - unsigned long err = ERR_get_error(); + unsigned long err = ERR_peek_error(); #if defined(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED) int lib = ERR_GET_LIB(err); #endif