From be7467f5a0aa098531597b95a71be6d7c2a463c7 Mon Sep 17 00:00:00 2001 From: icy17 <1061499390@qq.com> Date: Mon, 16 Jun 2025 12:12:57 +0800 Subject: [PATCH] Add return check to BIO_new, SSL_CTX_new and EVP_PKEY_new Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/27829) --- fuzz/server.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/fuzz/server.c b/fuzz/server.c index d058f1c2d8b..f51877a8c01 100644 --- a/fuzz/server.c +++ b/fuzz/server.c @@ -540,7 +540,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) /* This only fuzzes the initial flow from the client so far. */ ctx = SSL_CTX_new(SSLv23_method()); - + OPENSSL_assert(ctx != NULL); ret = SSL_CTX_set_min_proto_version(ctx, 0); OPENSSL_assert(ret == 1); ret = SSL_CTX_set_cipher_list(ctx, "ALL:eNULL:@SECLEVEL=0"); @@ -552,6 +552,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER)); OPENSSL_assert(privkey != NULL); pkey = EVP_PKEY_new(); + OPENSSL_assert(pkey != NULL); EVP_PKEY_assign_RSA(pkey, privkey); ret = SSL_CTX_use_PrivateKey(ctx, pkey); OPENSSL_assert(ret == 1); @@ -569,18 +570,21 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) # ifndef OPENSSL_NO_DEPRECATED_3_0 /* ECDSA */ bio_buf = BIO_new(BIO_s_mem()); + OPENSSL_assert(bio_buf != NULL); OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSAPrivateKeyPEM, sizeof(ECDSAPrivateKeyPEM)) == sizeof(ECDSAPrivateKeyPEM)); ecdsakey = PEM_read_bio_ECPrivateKey(bio_buf, NULL, NULL, NULL); ERR_print_errors_fp(stderr); OPENSSL_assert(ecdsakey != NULL); BIO_free(bio_buf); pkey = EVP_PKEY_new(); + OPENSSL_assert(pkey != NULL); EVP_PKEY_assign_EC_KEY(pkey, ecdsakey); ret = SSL_CTX_use_PrivateKey(ctx, pkey); OPENSSL_assert(ret == 1); EVP_PKEY_free(pkey); # endif bio_buf = BIO_new(BIO_s_mem()); + OPENSSL_assert(bio_buf != NULL); OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSACertPEM, sizeof(ECDSACertPEM)) == sizeof(ECDSACertPEM)); cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL); OPENSSL_assert(cert != NULL); @@ -593,18 +597,21 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0) /* DSA */ bio_buf = BIO_new(BIO_s_mem()); + OPENSSL_assert(bio_buf != NULL); OPENSSL_assert((size_t)BIO_write(bio_buf, DSAPrivateKeyPEM, sizeof(DSAPrivateKeyPEM)) == sizeof(DSAPrivateKeyPEM)); dsakey = PEM_read_bio_DSAPrivateKey(bio_buf, NULL, NULL, NULL); ERR_print_errors_fp(stderr); OPENSSL_assert(dsakey != NULL); BIO_free(bio_buf); pkey = EVP_PKEY_new(); + OPENSSL_assert(pkey != NULL); EVP_PKEY_assign_DSA(pkey, dsakey); ret = SSL_CTX_use_PrivateKey(ctx, pkey); OPENSSL_assert(ret == 1); EVP_PKEY_free(pkey); bio_buf = BIO_new(BIO_s_mem()); + OPENSSL_assert(bio_buf != NULL); OPENSSL_assert((size_t)BIO_write(bio_buf, DSACertPEM, sizeof(DSACertPEM)) == sizeof(DSACertPEM)); cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL); OPENSSL_assert(cert != NULL); @@ -616,7 +623,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) server = SSL_new(ctx); in = BIO_new(BIO_s_mem()); + OPENSSL_assert(in != NULL); out = BIO_new(BIO_s_mem()); + OPENSSL_assert(out != NULL); SSL_set_bio(server, in, out); SSL_set_accept_state(server); -- 2.47.2