From 936ccbea901837802fa9a6f8e01c3351a2a3624b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?=
Date: Fri, 26 Aug 2022 16:12:18 +0000
Subject: [PATCH] src: improve error handling in CloneSSLCerts

If sk_X509_new() returns NULL or if sk_X509_push() fails, return instead of silently ignoring the error.
---
 src/crypto/crypto_common.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc
index e47044be506a13..3bf480f8f0c77d 100644
--- a/src/crypto/crypto_common.cc
+++ b/src/crypto/crypto_common.cc
@@ -323,8 +323,9 @@ constexpr auto GetCipherVersion = GetCipherValue;
 StackOfX509 CloneSSLCerts(X509Pointer&& cert,
 const STACK_OF(X509)* const ssl_certs) {
 StackOfX509 peer_certs(sk_X509_new(nullptr));
- if (cert)
- sk_X509_push(peer_certs.get(), cert.release());
+ if (!peer_certs) return StackOfX509();
+ if (cert && !sk_X509_push(peer_certs.get(), cert.release()))
+ return StackOfX509();
 for (int i = 0; i < sk_X509_num(ssl_certs); i++) {
 X509Pointer cert(X509_dup(sk_X509_value(ssl_certs, i)));
 if (!cert || !sk_X509_push(peer_certs.get(), cert.get()))
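Review bot: On the failure path of the new `sk_X509_push()` check the certificate appears to leak, because `cert.release()` is evaluated as the call argument: ownership has already left the `X509Pointer` when the push returns 0, and the stack has not taken it. The loop a few lines below pushes `cert.get()` instead, which keeps the smart pointer as owner until the push has succeeded. The same pattern would fit here: `if (cert && !sk_X509_push(peer_certs.get(), cert.get())) return StackOfX509();` followed by `cert.release();  // now owned by peer_certs`. The loop body continues past the end of the hunk, so whether it releases after a successful push is inferred rather than visible.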