From 30aea2b1ede1aa36429858b27c3c140e96647b29 Mon Sep 17 00:00:00 2001
From: xkernel
Date: Thu, 6 Jan 2022 21:29:02 +0800
Subject: [PATCH] openssl: check the return value of BIO_new_mem_buf()

Closes #8233
---
 lib/vtls/openssl.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index f836c63b07..ecff9f5129 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3953,9 +3953,20 @@ static CURLcode servercert(struct Curl_easy *data,
 /* e.g. match issuer name with provided issuer certificate */
 if(SSL_CONN_CONFIG(issuercert) || SSL_CONN_CONFIG(issuercert_blob)) {
- if(SSL_CONN_CONFIG(issuercert_blob))
+ if(SSL_CONN_CONFIG(issuercert_blob)) {
 fp = BIO_new_mem_buf(SSL_CONN_CONFIG(issuercert_blob)->data,
 (int)SSL_CONN_CONFIG(issuercert_blob)->len);
+ if(!fp) {
+ failf(data,
+ "BIO_new_mem_buf NULL, " OSSL_PACKAGE
+ " error %s",
+ ossl_strerror(ERR_get_error(), error_buffer,
+ sizeof(error_buffer)) );
+ X509_free(backend->server_cert);
+ backend->server_cert = NULL;
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
 else {
 fp = BIO_new(BIO_s_file());
 if(!fp) {
--
2.47.3
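Review bot: The added NULL check does not cover the `(int)` cast on the blob length in the context line just above it: a length that does not fit in an int is truncated or turns negative before BIO_new_mem_buf() sees it, and OpenSSL documents a length of -1 as "the buffer is NUL-terminated, measure it with strlen()". The blob is presumably caller-supplied binary data, so that path could read past its end or parse only part of the issuer certificate while the new check still sees a non-NULL BIO. A range check before the call, taking the same cleanup path as the added branch, would close this; the type of `len` is not visible in the hunk, so confirm it is wider than int. servercert()'s body starts and ends outside the hunk.

```c
if(SSL_CONN_CONFIG(issuercert_blob)) {
  /* BIO_new_mem_buf() takes an int length and treats -1 as "use strlen()",
     so refuse a blob whose length does not fit instead of casting it */
  if(SSL_CONN_CONFIG(issuercert_blob)->len > (size_t)INT_MAX) {
    failf(data, "SSL: issuer certificate blob is too large");
    X509_free(backend->server_cert);
    backend->server_cert = NULL;
    return CURLE_BAD_FUNCTION_ARGUMENT;
  }
  /* … unchanged: BIO_new_mem_buf() call and the added NULL check … */
```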