From: Giovanni Bechis <gbechis@apache.org>
Date: Thu, 24 Feb 2022 11:52:46 +0000 (+0000)
Subject: return early if X509_STORE_CTX_init fails
X-Git-Tag: 2.5.0-alpha2-ci-test-only~478
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80a4538022762794dc9e04dd5886a9bfce61418d;p=thirdparty%2Fapache%2Fhttpd.git

return early if X509_STORE_CTX_init fails
bz 65902


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898368 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index a175d3e0754..b5f5379a89e 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -926,7 +926,10 @@ static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirCo
             }
 
             cert_store_ctx = X509_STORE_CTX_new();
-            X509_STORE_CTX_init(cert_store_ctx, cert_store, cert, cert_stack);
+            if (!X509_STORE_CTX_init(cert_store_ctx, cert_store, cert, cert_stack)) {
+                X509_STORE_CTX_free(cert_store_ctx);
+                return HTTP_FORBIDDEN;
+            }
             depth = SSL_get_verify_depth(ssl);
 
             if (depth >= 0) {