From: Jiasheng Jiang Date: Mon, 21 Feb 2022 01:51:54 +0000 (+0800) Subject: crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup X-Git-Tag: OpenSSL_1_1_1n~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=999cce6ea7393e1daa40e9994064b2955b24a831;p=thirdparty%2Fopenssl.git crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup Since the potential failure of memory allocation, it should be better to check the return value of the OPENSSL_strndup(), like x509v3_add_len_value(). And following the comment of 'if (astrlen < 0)', return -1 if fails. Signed-off-by: Jiasheng Jiang Reviewed-by: Matt Caswell Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17737) (cherry picked from commit 366a16263959c0b6599f0b9ec18124d75560c6ef) --- diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index f41c699b5af..40d8f315549 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -828,8 +828,11 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, rv = equal(a->data, a->length, (unsigned char *)b, blen, flags); else if (a->length == (int)blen && !memcmp(a->data, b, blen)) rv = 1; - if (rv > 0 && peername) + if (rv > 0 && peername != NULL) { *peername = OPENSSL_strndup((char *)a->data, a->length); + if (*peername == NULL) + return -1; + } } else { int astrlen; unsigned char *astr; @@ -842,8 +845,13 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, return -1; } rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); - if (rv > 0 && peername) + if (rv > 0 && peername != NULL) { *peername = OPENSSL_strndup((char *)astr, astrlen); + if (*peername == NULL) { + OPENSSL_free(astr); + return -1; + } + } OPENSSL_free(astr); } return rv;