openssl: check the return value of BIO_new_mem_buf()

Closes #8233
author: xkernel <xkernel.wang@foxmail.com> 2022-01-06 21:29:02 +0800
committer: Daniel Stenberg <daniel@haxx.se> 2022-01-07 09:34:08 +0100
commit: 30aea2b1ede1aa36429858b27c3c140e96647b29 (patch)
tree: 42db22e951d095860ffa6375681e0e5857236c1f
parent: 60080202bb05a269e6260394cf21ebd5bbbbba31 (diff)
download: curl-30aea2b1ede1aa36429858b27c3c140e96647b29.tar.gz
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index f836c63b0..ecff9f512 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -3953,9 +3953,20 @@ static CURLcode servercert(struct Curl_easy *data,
 
     /* e.g. match issuer name with provided issuer certificate */
     if(SSL_CONN_CONFIG(issuercert) || SSL_CONN_CONFIG(issuercert_blob)) {
-      if(SSL_CONN_CONFIG(issuercert_blob))
+      if(SSL_CONN_CONFIG(issuercert_blob)) {
         fp = BIO_new_mem_buf(SSL_CONN_CONFIG(issuercert_blob)->data,
                              (int)SSL_CONN_CONFIG(issuercert_blob)->len);
+        if(!fp) {
+          failf(data,
+                "BIO_new_mem_buf NULL, " OSSL_PACKAGE
+                " error %s",
+                ossl_strerror(ERR_get_error(), error_buffer,
+                              sizeof(error_buffer)) );
+          X509_free(backend->server_cert);
+          backend->server_cert = NULL;
+          return CURLE_OUT_OF_MEMORY;
+        }
+      }
       else {
         fp = BIO_new(BIO_s_file());
         if(!fp) {
author	xkernel <xkernel.wang@foxmail.com>	2022-01-06 21:29:02 +0800
committer	Daniel Stenberg <daniel@haxx.se>	2022-01-07 09:34:08 +0100
commit	30aea2b1ede1aa36429858b27c3c140e96647b29 (patch)
tree	42db22e951d095860ffa6375681e0e5857236c1f
parent	60080202bb05a269e6260394cf21ebd5bbbbba31 (diff)
download	curl-30aea2b1ede1aa36429858b27c3c140e96647b29.tar.gz