From: x2018 <xkernel.wang@foxmail.com>
Date: Wed, 1 Dec 2021 06:29:58 +0000 (+0800)
Subject: check the return value of BIO_new() in t_x509.c:471 & cmp_vfy.c:36
X-Git-Tag: openssl-3.2.0-alpha1~3233
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=318e97997a514b16ca497cedb49730bc75764a05;p=thirdparty%2Fopenssl.git

check the return value of BIO_new() in t_x509.c:471 & cmp_vfy.c:36

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17175)
---

diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index d3d9cca0d41..d9fd23425b5 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -34,7 +34,10 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
         return 0;
 
     bio = BIO_new(BIO_s_mem()); /* may be NULL */
-
+    if (bio == NULL) {
+        ERR_raise(ERR_LIB_CMP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
     /* verify that keyUsage, if present, contains digitalSignature */
     if (!cmp_ctx->ignore_keyusage
             && (X509_get_key_usage(cert) & X509v3_KU_DIGITAL_SIGNATURE) == 0) {
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c
index 95ee5f519fd..ae39b0f231a 100644
--- a/crypto/x509/t_x509.c
+++ b/crypto/x509/t_x509.c
@@ -470,6 +470,10 @@ int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx)
         int cert_error = X509_STORE_CTX_get_error(ctx);
         BIO *bio = BIO_new(BIO_s_mem()); /* may be NULL */
 
+        if (bio == NULL) {
+            ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
         BIO_printf(bio, "%s at depth = %d error = %d (%s)\n",
                    X509_STORE_CTX_get0_parent_ctx(ctx) != NULL
                    ? "CRL path validation"