OpenSSL: Fix possible null pointer dereference on an OCSP error path

author Ayala Beker <ayala.beker@intel.com>

Mon, 25 Jan 2016 10:28:46 +0000 (12:28 +0200)

committer Jouni Malinen <j@w1.fi>

Fri, 5 Feb 2016 22:58:32 +0000 (00:58 +0200)
author Ayala Beker <ayala.beker@intel.com>
Mon, 25 Jan 2016 10:28:46 +0000 (12:28 +0200)
committer Jouni Malinen <j@w1.fi>
Fri, 5 Feb 2016 22:58:32 +0000 (00:58 +0200)
diff --git a/src/crypto/tls_openssl_ocsp.c b/src/crypto/tls_openssl_ocsp.c

index 37c87f4090b9f849fb4c35530ffcea887435bc89..4e1c6b94b16a60e96c0b500abe0ae9ffece04ae0 100644 (file)
--- a/src/crypto/tls_openssl_ocsp.c
+++ b/src/crypto/tls_openssl_ocsp.c
@@ -562,6 +562,8 @@ enum ocsp_result check_ocsp_resp(SSL_CTX *ssl_ctx, SSL *ssl, X509 *cert,
  
         if (basic->certs) {
                 untrusted = sk_X509_dup(basic->certs);
+               if (!untrusted)
+                       goto fail;
  
                 num = sk_X509_num(basic->certs);
                 for (i = 0; i < num; i++) {
author	Ayala Beker <ayala.beker@intel.com>
	Mon, 25 Jan 2016 10:28:46 +0000 (12:28 +0200)
committer	Jouni Malinen <j@w1.fi>
	Fri, 5 Feb 2016 22:58:32 +0000 (00:58 +0200)