check return value of functions that call BIO_new()

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17850)

1 files changed, 12 insertions, 1 deletions

diff --git a/fuzz/client.c b/fuzz/client.c
index 698ff0f669..1f8933eb22 100644
--- a/fuzz/client.c
+++ b/fuzz/client.c
@@ -55,7 +55,7 @@ int FuzzerInitialize(int *argc, char ***argv)
 
 int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 {
-    SSL *client;
+    SSL *client = NULL;
     BIO *in;
     BIO *out;
     SSL_CTX *ctx;
@@ -65,13 +65,23 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 
     /* This only fuzzes the initial flow from the client so far. */
     ctx = SSL_CTX_new(SSLv23_method());
+    if (ctx == NULL)
+        goto end;
 
     client = SSL_new(ctx);
+    if (client == NULL)
+        goto end;
     OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1);
     OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1);
     SSL_set_tlsext_host_name(client, "localhost");
     in = BIO_new(BIO_s_mem());
+    if (in == NULL)
+        goto end;
     out = BIO_new(BIO_s_mem());
+    if (out == NULL) {
+        BIO_free(in);
+        goto end;
+    }
     SSL_set_bio(client, in, out);
     SSL_set_connect_state(client);
     OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
@@ -84,6 +94,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
             }
         }
     }
+ end:
     SSL_free(client);
     ERR_clear_error();
     SSL_CTX_free(ctx);