From 3c4f009959c4b73b78219da51e49bb564a24ef48 Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@openssl.org>
Date: Sat, 26 Jul 2025 09:30:53 -0400
Subject: [PATCH] Fix NULL check in get_ocsp_resp_from_responder

We assign an allocation to *sk_resp, but only check for NULL on sk_resp,
not the value it points to.

Addresses https://scan5.scan.coverity.com/#/project-view/60762/10222?selectedIssue=1659222

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28101)
---
 apps/s_server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 0360bfccdf0..3edb53d00a4 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -786,7 +786,7 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
 
     *sk_resp = sk_OCSP_RESPONSE_new_reserve(NULL, num);
 
-    if (sk_resp == NULL)
+    if (*sk_resp == NULL)
         return SSL_TLSEXT_ERR_ALERT_FATAL;
 
     /* for each certificate in chain (except root) get the OCSP response */
-- 
2.47.3