From 5bd670c39341087d15e90db1abd89b9187a07ed8 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 11 Nov 2025 09:06:13 +0100 Subject: [PATCH] wolfssl: avoid NULL dereference in OOM situation Verify that wolfSSL_BIO_meth_new() actually works and handle situations where it returns NULL. Reported-by: Stanislav Fort (Aisle Research) Closes #19459 --- lib/vtls/wolfssl.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index 585a406002..bf39ccf9b1 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c @@ -395,20 +395,24 @@ static int wssl_bio_cf_in_read(WOLFSSL_BIO *bio, char *buf, int blen) static WOLFSSL_BIO_METHOD *wssl_bio_cf_method = NULL; -static void wssl_bio_cf_init_methods(void) +static int wssl_bio_cf_init_methods(void) { wssl_bio_cf_method = wolfSSL_BIO_meth_new(WOLFSSL_BIO_MEMORY, - "wolfSSL CF BIO"); + "wolfSSL CF BIO"); + if(!wssl_bio_cf_method) + return FALSE; /* error */ wolfSSL_BIO_meth_set_write(wssl_bio_cf_method, &wssl_bio_cf_out_write); wolfSSL_BIO_meth_set_read(wssl_bio_cf_method, &wssl_bio_cf_in_read); wolfSSL_BIO_meth_set_ctrl(wssl_bio_cf_method, &wssl_bio_cf_ctrl); wolfSSL_BIO_meth_set_create(wssl_bio_cf_method, &wssl_bio_cf_create); wolfSSL_BIO_meth_set_destroy(wssl_bio_cf_method, &wssl_bio_cf_destroy); + return TRUE; /* fine */ } static void wssl_bio_cf_free_methods(void) { wolfSSL_BIO_meth_free(wssl_bio_cf_method); + wssl_bio_cf_method = NULL; } #else /* USE_BIO_CHAIN */ @@ -1504,6 +1508,8 @@ wssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) { WOLFSSL_BIO *bio; + if(!wssl_bio_cf_method) + return CURLE_FAILED_INIT; bio = wolfSSL_BIO_new(wssl_bio_cf_method); if(!bio) return CURLE_OUT_OF_MEMORY; @@ -2089,7 +2095,8 @@ static int wssl_init(void) Curl_tls_keylog_open(); #endif ret = (wolfSSL_Init() == WOLFSSL_SUCCESS); - wssl_bio_cf_init_methods(); + if(ret) + ret = wssl_bio_cf_init_methods(); return ret; } -- 2.47.3