Skip to content

Commit 125ab7d

Browse files
tniessenRafaelGSS
tniessen
authored and
RafaelGSS
committed
src: improve error handling in CloneSSLCerts
If sk_X509_new() returns NULL or if sk_X509_push() fails, return instead of silently ignoring the error. PR-URL: #44410 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com>
1 parent aa34f73 commit 125ab7d

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

src/crypto/crypto_common.cc

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -323,8 +323,9 @@ constexpr auto GetCipherVersion = GetCipherValue<SSL_CIPHER_get_version>;
323323
StackOfX509 CloneSSLCerts(X509Pointer&& cert,
324324
const STACK_OF(X509)* const ssl_certs) {
325325
StackOfX509 peer_certs(sk_X509_new(nullptr));
326-
if (cert)
327-
sk_X509_push(peer_certs.get(), cert.release());
326+
if (!peer_certs) return StackOfX509();
327+
if (cert && !sk_X509_push(peer_certs.get(), cert.release()))
328+
return StackOfX509();
328329
for (int i = 0; i < sk_X509_num(ssl_certs); i++) {
329330
X509Pointer cert(X509_dup(sk_X509_value(ssl_certs, i)));
330331
if (!cert || !sk_X509_push(peer_certs.get(), cert.get()))

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy