Skip to content

Commit

Permalink
src: improve error handling in CloneSSLCerts
Browse files Browse the repository at this point in the history 
If sk_X509_new() returns NULL or if sk_X509_push() fails, return instead
of silently ignoring the error.

PR-URL: #44410
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
  • Loading branch information
@tniessen @RafaelGSS
tniessen authored and RafaelGSS committed Sep 7, 2022
1 parent aa34f73 commit 125ab7d
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions src/crypto/crypto_common.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -323,8 +323,9 @@ constexpr auto GetCipherVersion = GetCipherValue<SSL_CIPHER_get_version>;
StackOfX509 CloneSSLCerts(X509Pointer&& cert,
const STACK_OF(X509)* const ssl_certs) {
StackOfX509 peer_certs(sk_X509_new(nullptr));
if (cert)
sk_X509_push(peer_certs.get(), cert.release());
if (!peer_certs) return StackOfX509();
if (cert && !sk_X509_push(peer_certs.get(), cert.release()))
return StackOfX509();
for (int i = 0; i < sk_X509_num(ssl_certs); i++) {
X509Pointer cert(X509_dup(sk_X509_value(ssl_certs, i)));
if (!cert || !sk_X509_push(peer_certs.get(), cert.get()))
Expand Down

0 comments on commit 125ab7d

Please sign in to comment.