openssl: check the return value of BIO_new_mem_buf()

author xkernel <xkernel.wang@foxmail.com>

Thu, 6 Jan 2022 13:29:02 +0000 (21:29 +0800)

committer Daniel Stenberg <daniel@haxx.se>

Fri, 7 Jan 2022 08:34:08 +0000 (09:34 +0100)
author xkernel <xkernel.wang@foxmail.com>
Thu, 6 Jan 2022 13:29:02 +0000 (21:29 +0800)
committer Daniel Stenberg <daniel@haxx.se>
Fri, 7 Jan 2022 08:34:08 +0000 (09:34 +0100)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c

index f836c63b07eea0fc73ae9f30857b30a97723dc38..ecff9f512993e064a3762ab076de47f2e0277236 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3953,9 +3953,20 @@ static CURLcode servercert(struct Curl_easy *data,
  
      /* e.g. match issuer name with provided issuer certificate */
      if(SSL_CONN_CONFIG(issuercert) || SSL_CONN_CONFIG(issuercert_blob)) {
-      if(SSL_CONN_CONFIG(issuercert_blob))
+      if(SSL_CONN_CONFIG(issuercert_blob)) {
          fp = BIO_new_mem_buf(SSL_CONN_CONFIG(issuercert_blob)->data,
                               (int)SSL_CONN_CONFIG(issuercert_blob)->len);
+        if(!fp) {
+          failf(data,
+                "BIO_new_mem_buf NULL, " OSSL_PACKAGE
+                " error %s",
+                ossl_strerror(ERR_get_error(), error_buffer,
+                              sizeof(error_buffer)) );
+          X509_free(backend->server_cert);
+          backend->server_cert = NULL;
+          return CURLE_OUT_OF_MEMORY;
+        }
+      }
        else {
          fp = BIO_new(BIO_s_file());
          if(!fp) {
author	xkernel <xkernel.wang@foxmail.com>
	Thu, 6 Jan 2022 13:29:02 +0000 (21:29 +0800)
committer	Daniel Stenberg <daniel@haxx.se>
	Fri, 7 Jan 2022 08:34:08 +0000 (09:34 +0100)