From: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Date: Tue, 5 Aug 2025 14:12:38 +0000 (+0000)
Subject: Add check for memory allocation APIs to avoid NULL pointer dereference
X-Git-Tag: 3.8.11~19^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a74a02ca236d86573f825705aea250e4d66954cb;p=thirdparty%2Fgnutls.git

Add check for memory allocation APIs to avoid NULL pointer dereference

Add check for the return value of memory allocation APIs to avoid NULL
pointer dereference.

Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
Modified-by: Daiki Ueno <ueno@gnu.org>
---

diff --git a/src/certtool.c b/src/certtool.c
index a8e0d0173d..09ae735958 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -2245,6 +2245,10 @@ static int detailed_verification(gnutls_x509_crt_t cert,
 		ret = gnutls_x509_crl_get_number(crl, tmp, &tmp_size, NULL);
 		if (ret < 0) {
 			serial.data = (void *)gnutls_strdup("unnumbered");
+			if (serial.data == NULL) {
+				fprintf(stderr, "out of memory\n");
+				app_exit(1);
+			}
 		} else {
 			data.data = (void *)tmp;
 			data.size = tmp_size;
diff --git a/tests/auto-verify.c b/tests/auto-verify.c
index b0b076d957..df4c55cf7d 100644
--- a/tests/auto-verify.c
+++ b/tests/auto-verify.c
@@ -276,6 +276,7 @@ static int cert_out_callback(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
 		ret = gnutls_x509_crl_get_number(crl, tmp, &tmp_size, NULL);
 		if (ret < 0) {
 			serial.data = (void *)gnutls_strdup("unnumbered");
+			assert(serial.data != NULL);
 		} else {
 			data.data = (void *)tmp;
 			data.size = tmp_size;
diff --git a/tests/crl_apis.c b/tests/crl_apis.c
index 67537733c2..37c7d32b84 100644
--- a/tests/crl_apis.c
+++ b/tests/crl_apis.c
@@ -272,11 +272,15 @@ static void get_dn_by_oid(gnutls_x509_crl_t crl,
 	       0);
 
 	char *crt_buf = gnutls_calloc(DN_MAX_LEN, sizeof(char));
+	assert(crt_buf != NULL);
+
 	size_t crt_buf_size = DN_MAX_LEN;
 	gnutls_x509_crt_get_issuer_dn_by_oid(crt, "2.5.4.3", 0, 0, crt_buf,
 					     &crt_buf_size);
 
 	char *crl_buf = gnutls_calloc(DN_MAX_LEN, sizeof(char));
+	assert(crl_buf != NULL);
+
 	size_t crl_buf_size = DN_MAX_LEN;
 	gnutls_x509_crl_get_issuer_dn_by_oid(crl, "2.5.4.3", 0, 0, crl_buf,
 					     &crl_buf_size);
diff --git a/tests/pskself2.c b/tests/pskself2.c
index e161468846..c0e507d8fa 100644
--- a/tests/pskself2.c
+++ b/tests/pskself2.c
@@ -84,6 +84,8 @@ static void client(int sd, const char *prio, unsigned exp_hint)
 	side = "client";
 
 	user.data = gnutls_malloc(4);
+	assert(user.data != NULL);
+
 	user.data[0] = 0xCA;
 	user.data[1] = 0xFE;
 	user.data[2] = 0xCA;
diff --git a/tests/rehandshake-switch-srp-id.c b/tests/rehandshake-switch-srp-id.c
index a0bf2798a9..7899b88ab8 100644
--- a/tests/rehandshake-switch-srp-id.c
+++ b/tests/rehandshake-switch-srp-id.c
@@ -86,6 +86,8 @@ static int srpfunc(gnutls_session_t session, const char *username,
 		printf("srp: username %s\n", username);
 
 	generator->data = gnutls_malloc(1);
+	assert(generator->data != NULL);
+
 	generator->data[0] = 2;
 	generator->size = 1;