From: JiashengJiang <jiasheng@purdue.edu>
Date: Wed, 26 Mar 2025 21:40:16 +0000 (-0400)
Subject: apps/lib/apps.c: Add a check for OPENSSL_strdup()
X-Git-Tag: openssl-3.4.2~124
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b08d2e7aa03425ce1ceba96b2b236f3722d3cc77;p=thirdparty%2Fopenssl.git

apps/lib/apps.c: Add a check for OPENSSL_strdup()

Add a check for the return value of OPENSSL_strdup() to guarantee the success of allocation, similar to the other call sites.

Fixes: c7d5ea2670 ("Prepare to detect index changes in OCSP responder.")
Signed-off-by: JiashengJiang <jiasheng@purdue.edu>

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27172)

(cherry picked from commit 930c645e6b74a09398f6345b2d265c38ff035afe)
---

diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index 06c1947449a..1b81f3859e0 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -1722,6 +1722,9 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
     }
 
     retdb->dbfname = OPENSSL_strdup(dbfile);
+    if (retdb->dbfname == NULL)
+        goto err;
+
 #ifndef OPENSSL_NO_POSIX_IO
     retdb->dbst = dbst;
 #endif