Fix NULL check in get_ocsp_resp_from_responder
authorNeil Horman <nhorman@openssl.org>
Sat, 26 Jul 2025 13:30:53 +0000 (09:30 -0400)
committerNeil Horman <nhorman@openssl.org>
Tue, 29 Jul 2025 17:40:57 +0000 (13:40 -0400)
We assign an allocation to *sk_resp, but only check for NULL on sk_resp,
not the value it points to.

Addresses https://scan5.scan.coverity.com/#/project-view/60762/10222?selectedIssue=1659222

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28101)

apps/s_server.c

index 0360bfccdf0c821488f131567c294a022aa1f7a3..3edb53d00a4192894729e459e5da01aeef51e631 100644 (file)
@@ -786,7 +786,7 @@ static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
 
     *sk_resp = sk_OCSP_RESPONSE_new_reserve(NULL, num);
 
-    if (sk_resp == NULL)
+    if (*sk_resp == NULL)
         return SSL_TLSEXT_ERR_ALERT_FATAL;
 
     /* for each certificate in chain (except root) get the OCSP response */
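Review bot: The corrected test `if (*sk_resp == NULL)` still leaves the caller contract implicit: `sk_resp` is dereferenced unconditionally by the assignment on the line above, so the function depends on every caller passing a non-NULL out-pointer. A short comment above the assignment would record that, for example `/* sk_resp is a caller-supplied out-parameter and must be non-NULL; only the allocation can fail here */`. The failure path also returns SSL_TLSEXT_ERR_ALERT_FATAL without any diagnostic, so an aborted handshake gives no hint that OCSP stapling failed on allocation; if the rest of the function reports its errors (not visible in this hunk), a matching message here would help triage. The body of get_ocsp_resp_from_responder starts and ends outside the hunk.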