From 29a4eba2660e15d6604929fab28ea9dcabe0c013 Mon Sep 17 00:00:00 2001
From: mestre <>
Date: Wed, 30 Nov 2016 07:56:23 +0000
Subject: Check return value of tls_config_set_protocols(3) and
 tls_config_set_ciphers(3) and bail out in case of failure

Feedback and OK jsing@
---
 src/usr.bin/nc/netcat.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c
index 783aea25ed..c103aa6350 100644
--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.170 2016/11/06 13:33:30 beck Exp $ */
+/* $OpenBSD: netcat.c,v 1.171 2016/11/30 07:56:23 mestre Exp $ */
 /*
  * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
  * Copyright (c) 2015 Bob Beck.  All rights reserved.
@@ -464,8 +464,11 @@ main(int argc, char *argv[])
 		if (oflag && tls_config_set_ocsp_staple_file(tls_cfg, oflag) == -1)
 			errx(1, "%s", tls_config_error(tls_cfg));
 		if (TLSopt & TLS_ALL) {
-			tls_config_set_protocols(tls_cfg, TLS_PROTOCOLS_ALL);
-			tls_config_set_ciphers(tls_cfg, "all");
+			if (tls_config_set_protocols(tls_cfg,
+			    TLS_PROTOCOLS_ALL) != 0)
+				errx(1, "%s", tls_config_error(tls_cfg));
+			if (tls_config_set_ciphers(tls_cfg, "all") != 0)
+				errx(1, "%s", tls_config_error(tls_cfg));
 		}
 		if (!lflag && (TLSopt & TLS_CCERT))
 			errx(1, "clientcert is only valid with -l");
-- 
cgit v1.2.3-55-g6feb