Check value returned by X509_OBJECT_new()

Reported by Alexander Couzens, thanks to him !
2016-11-12 00:52:50 +01:00 · 2016-11-12 00:52:50 +01:00 · 2e81cca480
parent e452c023ad
commit 2e81cca480
1 changed files with 24 additions and 21 deletions
--- a/src/connection.c
+++ b/src/connection.c
@ -1374,7 +1374,9 @@ static int bip_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 			 err == X509_V_ERR_CERT_HAS_EXPIRED ||
 			 err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)) {

-		xobj = X509_OBJECT_new();
+		if (!(xobj = X509_OBJECT_new())) {
+			result = 0;
+		} else {
 			if (X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509,
 					X509_get_subject_name(err_cert), xobj) > 0 &&
 					!X509_cmp(X509_OBJECT_get0_X509(xobj), err_cert)) {
@ -1399,6 +1401,7 @@ static int bip_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 			}
 			X509_OBJECT_free(xobj);
 		}
+	}

 	if (!result) {
 		/* We have a verify error! Log it */