From c4019b581d44be29251152d75f0d5942e4850252 Mon Sep 17 00:00:00 2001
From: AntonMoryakov <ant.v.moryakov@gmail.com>
Date: Fri, 16 May 2025 17:19:21 +0300
Subject: [PATCH] apps: lib: Prevent potential NULL dereference in
 init_client()

apps: lib: Simplify ba_ret handling in init_client()

Simplify logic around ba_ret assignment:
- Fail early if ba_ret == NULL
- Assign directly otherwise, without checking *ba_ret

This avoids extra nesting and matches OpenSSL's conventions.

CLA: trivial
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Co-authored-by: Tomas Mraz <tomas@openssl.org>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26783)

(cherry picked from commit 3161f460fa7eacc7a93f8edf413c78b4dcf65823)
---
 apps/lib/s_socket.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c
index 90fe9c56195..9a91b3190f4 100644
--- a/apps/lib/s_socket.c
+++ b/apps/lib/s_socket.c
@@ -178,8 +178,16 @@ int init_client(int *sock, const char *host, const char *port,
         }
 
         /* Save the address */
-        if (tfo || !doconn)
+        if (tfo || !doconn) {
+            if (ba_ret == NULL) {
+                BIO_printf(bio_err, "Internal error\n");
+                BIO_closesocket(*sock);
+                *sock = INVALID_SOCKET;
+                goto out;
+            }
+
             *ba_ret = BIO_ADDR_dup(BIO_ADDRINFO_address(ai));
+        }
 
         /* Success, don't try any more addresses */
         break;
-- 
2.47.2