From: Joe Orton <jorton@apache.org>
Date: Thu, 29 Feb 2024 13:35:04 +0000 (+0000)
Subject: mod_ssl: Check SSL_CTX_new() return value
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3736c7a450a9d5f10d508fcc2434a675626aefae;p=thirdparty%2Fapache%2Fhttpd.git

mod_ssl: Check SSL_CTX_new() return value

SSL_CTX_new() will return NULL if there was an error creating a new SSL context.

Submitted by: StephenWall
Github: closes #402


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916054 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 30fd6c5e4b5..64e4aaf1dcd 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -738,6 +738,11 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
         TLS_server_method();  /* server */
 #endif
     ctx = SSL_CTX_new(method);
+    if (ctx == NULL) {
+        /* Can fail for some system/install mis-configuration. */
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
+        return ssl_die(s);
+    }
 
     mctx->ssl_ctx = ctx;