Check return value of tls_config_set_protocols(3) and tls_config_set_ciphers(3)

and bail out in case of failure

Feedback and OK jsing@

1 files changed, 6 insertions, 3 deletions

diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c
index 783aea25ed..c103aa6350 100644
--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.170 2016/11/06 13:33:30 beck Exp $ */
+/* $OpenBSD: netcat.c,v 1.171 2016/11/30 07:56:23 mestre Exp $ */
 /*
  * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
  * Copyright (c) 2015 Bob Beck.  All rights reserved.
@@ -464,8 +464,11 @@ main(int argc, char *argv[])
                 if (oflag && tls_config_set_ocsp_staple_file(tls_cfg, oflag) == -1)
                         errx(1, "%s", tls_config_error(tls_cfg));
                 if (TLSopt & TLS_ALL) {
-                        tls_config_set_protocols(tls_cfg, TLS_PROTOCOLS_ALL);
-                        tls_config_set_ciphers(tls_cfg, "all");
+                        if (tls_config_set_protocols(tls_cfg,
+                            TLS_PROTOCOLS_ALL) != 0)
+                                errx(1, "%s", tls_config_error(tls_cfg));
+                        if (tls_config_set_ciphers(tls_cfg, "all") != 0)
+                                errx(1, "%s", tls_config_error(tls_cfg));
                 }
                 if (!lflag && (TLSopt & TLS_CCERT))
                         errx(1, "clientcert is only valid with -l");