From 6dd7ae2f4103b368cd6b66a053b7a9323c9fb9ad Mon Sep 17 00:00:00 2001 From: Eugene Syromiatnikov Date: Mon, 1 Sep 2025 16:42:15 +0200 Subject: [PATCH] apps/ocsp.c: avoid using NULL resp There are some code paths where resp is used without a previous check for being non-NULL (specifically, OCSP_response_create() can return NULL, and do_responder() can return -1, that would also lead to resp being NULL). Avoid hitting NULL dereferences by wrapping the code that uses resp in "if (resp != NULL)". Resolves: https://scan5.scan.coverity.com/#/project-view/65248/10222?selectedIssue=1665155 References: https://github.com/openssl/project/issues/1362 Signed-off-by: Eugene Syromiatnikov Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/28407) --- apps/ocsp.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index a22abad00a9..40275b4e5cf 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -666,7 +666,8 @@ redo_accept: resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); - send_ocsp_response(cbio, resp); + if (resp != NULL) + send_ocsp_response(cbio, resp); } goto done_resp; } @@ -764,16 +765,18 @@ redo_accept: BIO_free(derbio); } - i = OCSP_response_status(resp); - if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { - BIO_printf(out, "Responder Error: %s (%d)\n", - OCSP_response_status_str(i), i); - if (!ignore_err) + if (resp != NULL) { + i = OCSP_response_status(resp); + if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { + BIO_printf(out, "Responder Error: %s (%d)\n", + OCSP_response_status_str(i), i); + if (!ignore_err) goto end; - } + } - if (resp_text) - OCSP_RESPONSE_print(out, resp, 0); + if (resp_text) + OCSP_RESPONSE_print(out, resp, 0); + } /* If running as responder don't verify our own response */ if (cbio != NULL) { -- 2.47.3
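Review bot: In the first hunk (malformed-request branch), a NULL return from OCSP_response_create() now skips send_ocsp_response() and control reaches `goto done_resp` with nothing sent to the client and nothing logged. An allocation failure in the responder then looks the same as a dropped connection. Consider recording it with an `else` on the new guard, e.g. `else BIO_printf(bio_err, "Error creating OCSP response\n");`. The enclosing function begins and ends outside the hunk, so whether the code at done_resp already reports this case cannot be confirmed from here.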
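Review bot: In the second hunk, a NULL resp skips the whole status check without a message, so the `Responder Error` branch and its `goto end` are never reached, whatever ignore_err is set to. The code after `if (cbio != NULL) {` is not visible, so it may already reject a NULL resp, but an OCSP client should fail closed here rather than depend on a later check. Adding `else if (cbio == NULL) goto end;` after the new block, with a diagnostic on bio_err, would make that explicit; this assumes `end` is the failure exit, as its use in the Responder Error branch suggests. A one-line comment on the guard naming the paths that can leave resp NULL (the commit message cites OCSP_response_create() returning NULL and do_responder() returning -1) would also help the next reader.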