return early if X509_STORE_CTX_init fails

author Giovanni Bechis <gbechis@apache.org>

Thu, 24 Feb 2022 11:52:46 +0000 (11:52 +0000)

committer Giovanni Bechis <gbechis@apache.org>

Thu, 24 Feb 2022 11:52:46 +0000 (11:52 +0000)
author Giovanni Bechis <gbechis@apache.org>
Thu, 24 Feb 2022 11:52:46 +0000 (11:52 +0000)
committer Giovanni Bechis <gbechis@apache.org>
Thu, 24 Feb 2022 11:52:46 +0000 (11:52 +0000)
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c

index a175d3e07540e51c846780fb3a57bc0b68be0f41..b5f5379a89e0002e3b2564467354a6c65bf53519 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -926,7 +926,10 @@ static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirCo
              }
  
              cert_store_ctx = X509_STORE_CTX_new();
-            X509_STORE_CTX_init(cert_store_ctx, cert_store, cert, cert_stack);
+            if (!X509_STORE_CTX_init(cert_store_ctx, cert_store, cert, cert_stack)) {
+                X509_STORE_CTX_free(cert_store_ctx);
+                return HTTP_FORBIDDEN;
+            }
              depth = SSL_get_verify_depth(ssl);
  
              if (depth >= 0) {
author	Giovanni Bechis <gbechis@apache.org>
	Thu, 24 Feb 2022 11:52:46 +0000 (11:52 +0000)
committer	Giovanni Bechis <gbechis@apache.org>
	Thu, 24 Feb 2022 11:52:46 +0000 (11:52 +0000)