From: xkernel <xkernel.wang@foxmail.com>
Date: Thu, 6 Jan 2022 13:29:02 +0000 (+0800)
Subject: openssl: check the return value of BIO_new_mem_buf()
X-Git-Tag: curl-7_82_0~258
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=30aea2b1ede;p=thirdparty%2Fcurl.git

openssl: check the return value of BIO_new_mem_buf()

Closes #8233
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index f836c63b07..ecff9f5129 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3953,9 +3953,20 @@ static CURLcode servercert(struct Curl_easy *data,
 
     /* e.g. match issuer name with provided issuer certificate */
     if(SSL_CONN_CONFIG(issuercert) || SSL_CONN_CONFIG(issuercert_blob)) {
-      if(SSL_CONN_CONFIG(issuercert_blob))
+      if(SSL_CONN_CONFIG(issuercert_blob)) {
         fp = BIO_new_mem_buf(SSL_CONN_CONFIG(issuercert_blob)->data,
                              (int)SSL_CONN_CONFIG(issuercert_blob)->len);
+        if(!fp) {
+          failf(data,
+                "BIO_new_mem_buf NULL, " OSSL_PACKAGE
+                " error %s",
+                ossl_strerror(ERR_get_error(), error_buffer,
+                              sizeof(error_buffer)) );
+          X509_free(backend->server_cert);
+          backend->server_cert = NULL;
+          return CURLE_OUT_OF_MEMORY;
+        }
+      }
       else {
         fp = BIO_new(BIO_s_file());
         if(!fp) {