From: Giovanni Bechis <gbechis@apache.org>
Date: Tue, 28 Jun 2022 07:52:23 +0000 (+0000)
Subject: check BN_bn2dec return value
X-Git-Tag: 2.5.0-alpha2-ci-test-only~280
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f8ea7fa6fa989e257a381862c7b8b6cf5a22f951;p=thirdparty%2Fapache%2Fhttpd.git

check BN_bn2dec return value


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1902302 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index 164556ee4e8..af6c4de1b7c 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -843,6 +843,7 @@ static const char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, STACK_OF(X509) *
 static const char *ssl_var_lookup_ssl_cert_rfc4523_cea(apr_pool_t *p, SSL *ssl)
 {
     char *result;
+    char *decimal;
     X509 *xs;
 
     ASN1_INTEGER *serialNumber;
@@ -858,7 +859,11 @@ static const char *ssl_var_lookup_ssl_cert_rfc4523_cea(apr_pool_t *p, SSL *ssl)
         X509_NAME *issuer = X509_get_issuer_name(xs);
         if (issuer) {
             BIGNUM *bn = ASN1_INTEGER_to_BN(serialNumber, NULL);
-            char *decimal = BN_bn2dec(bn);
+            if((decimal = BN_bn2dec(bn)) == NULL) {
+              BN_free(bn);
+              X509_free(xs);
+              return NULL;
+            }
             result = apr_pstrcat(p, "{ serialNumber ", decimal,
                     ", issuer rdnSequence:\"",
                     modssl_X509_NAME_to_string(p, issuer, 0), "\" }", NULL);