From: AntonMoryakov <ant.v.moryakov@gmail.com>
Date: Fri, 16 May 2025 14:19:21 +0000 (+0300)
Subject: apps: lib: Prevent potential NULL dereference in init_client()
X-Git-Tag: openssl-3.4.2~50
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e661b03a05d95ca58e0d6e257dc5a7d8f7f3670;p=thirdparty%2Fopenssl.git

apps: lib: Prevent potential NULL dereference in init_client()

apps: lib: Simplify ba_ret handling in init_client()

Simplify logic around ba_ret assignment:
- Fail early if ba_ret == NULL
- Assign directly otherwise, without checking *ba_ret

This avoids extra nesting and matches OpenSSL's conventions.

CLA: trivial
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Co-authored-by: Tomas Mraz <tomas@openssl.org>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26783)

(cherry picked from commit 3161f460fa7eacc7a93f8edf413c78b4dcf65823)
---

diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c
index a1935bcce2a..22c16264567 100644
--- a/apps/lib/s_socket.c
+++ b/apps/lib/s_socket.c
@@ -172,8 +172,16 @@ int init_client(int *sock, const char *host, const char *port,
         }
 
         /* Save the address */
-        if (tfo || !doconn)
+        if (tfo || !doconn) {
+            if (ba_ret == NULL) {
+                BIO_printf(bio_err, "Internal error\n");
+                BIO_closesocket(*sock);
+                *sock = INVALID_SOCKET;
+                goto out;
+            }
+
             *ba_ret = BIO_ADDR_dup(BIO_ADDRINFO_address(ai));
+        }
 
         /* Success, don't try any more addresses */
         break;