From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 16 Aug 2023 14:29:01 +0000 (+0200)
Subject: ossl_x509_store_ctx_get_by_subject(): Check return value of X509_STORE_lock()
X-Git-Tag: openssl-3.2.0-alpha1~191
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6404d064b8012a2c353603a3b3effa6289313d61;p=thirdparty%2Fopenssl.git

ossl_x509_store_ctx_get_by_subject(): Check return value of X509_STORE_lock()

Fixes Coverity 1539148

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)
---

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 08b8425bbe4..c639b54a543 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -339,7 +339,8 @@ static int ossl_x509_store_ctx_get_by_subject(const X509_STORE_CTX *ctx,
     if (!sk_X509_OBJECT_is_sorted(store->objs)) {
         X509_STORE_unlock(store);
         /* Take a write lock instead of a read lock */
-        X509_STORE_lock(store);
+        if (!X509_STORE_lock(store))
+            return 0;
         /*
          * Another thread might have sorted it in the meantime. But if so,
          * sk_X509_OBJECT_sort() exits early.