From 816d6e578ccc4d8ae41de77e3069762d03079d18 Mon Sep 17 00:00:00 2001
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Date: Wed, 22 Jun 2022 16:41:12 +0800
Subject: [PATCH] crypto/http/http_client.c: Add the check for OPENSSL_strdup

As the potential failure of the OPENSSL_strdup(), it should
be better to check the return value and return error if fails.

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18624)
---
 crypto/http/http_client.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index 790b03fa93..ad7574e695 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -1158,6 +1158,14 @@ BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy,
                 current_url = redirection_url;
                 if (*redirection_url == '/') { /* redirection to same server */
                     path = OPENSSL_strdup(redirection_url);
+                    if (path == NULL) {
+                        OPENSSL_free(host);
+                        OPENSSL_free(port);
+                        (void)OSSL_HTTP_close(rctx, 1);
+                        BIO_free(resp);
+                        OPENSSL_free(current_url);
+                        return NULL;
+                    }
                     goto new_rpath;
                 }
                 OPENSSL_free(host);
-- 
2.39.2