BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp()
authorWilliam Lallemand <wlallemand@haproxy.com>
Fri, 31 Jul 2020 09:43:20 +0000 (11:43 +0200)
committerWilliam Lallemand <wlallemand@haproxy.org>
Fri, 31 Jul 2020 09:51:20 +0000 (11:51 +0200)
Check the return value of the calloc() in ssl_sock_load_ocsp(); a failed
allocation could otherwise lead to a NULL dereference.

This was introduced by commit be2774d ("MEDIUM: ssl: Added support for
Multi-Cert OCSP Stapling").

Could be backported as far as 1.7.

src/ssl_sock.c

index 69f6835c4973eeb97cc9a3b181bd77d0f6604459..f98c5c0717db6729ef2e40be62148b8f1fc8c0d6 100644 (file)
@@ -1342,9 +1342,13 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckc
        SSL_CTX_get_tlsext_status_cb(ctx, &callback);
 
        if (!callback) {
-               struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg));
+               struct ocsp_cbk_arg *cb_arg;
                EVP_PKEY *pkey;
 
+               cb_arg = calloc(1, sizeof(*cb_arg));
+               if (!cb_arg)
+                       goto out;
+
                cb_arg->is_single = 1;
                cb_arg->s_ocsp = iocsp;