Bug 65717

Summary: Missing check for the return value of BIO_new()
Product: Apache httpd-2
Reporter: Xiaoke Wang <xkernel.wang>
Component: mod_ssl
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED
Severity: normal
Keywords: FixedInTrunk
Priority: P2
Version: 2.5-HEAD
Target Milestone: ---
Hardware: PC
OS: All
Attachments: check BIO_new allocations

Description Xiaoke Wang 2021-12-01 14:54:55 UTC
A check for the return value of BIO_new() is missing in https://github.com/apache/httpd/blob/d002199454f8bc841509cdffad1c695eeae2ca7e/modules/ssl/ssl_engine_vars.c#L1159, which may further result in a wrong memory access when an internal memory error happens in BIO_new().
This bug dates back at least to 2.4.51, in httpd-2.4.51/modules/ssl/ssl_engine_vars.c:1086:24.

Similarly, there are several missing checks for BIO_new() in https://github.com/apache/httpd/blob/4d8f1f96b6e6e47a822a8e0d4c3f59d76b38ee87/modules/ssl/ssl_engine_io.c#L2290 & 2292 & 2325 & 2327. And in 2.4.51, they are located in httpd-2.4.51/modules/ssl/ssl_engine_io.c:2193 & 2195 & 2228 & 2230, respectively. 

Once BIO_new() returns NULL, these places will make wrong memory accesses and even result in corruption if they lack a valid check for BIO_new().

Comment 1 Xiaoke Wang 2021-12-05 03:34:29 UTC
Another one:
In version 2.4.51: httpd-2.4.51/modules/ssl/ssl_util_ocsp.c:38:11.
In the current GitHub repository: https://github.com/apache/httpd/blob/c9f1a0a3010032e666bd6fecbad0c66d427d3f67/modules/ssl/ssl_util_ocsp.c#L38

Though this seems like a test file, it is worth fixing together with the other locations.

Comment 2 Giovanni Bechis 2021-12-18 11:40:28 UTC
Created attachment 38135
check BIO_new allocations

Check for memory allocations from BIO_new.
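
The pattern this report asks for, as an added example (not the attached patch and not httpd or OpenSSL code): each allocation result is checked before it is dereferenced, and when either of two allocations fails the other is released. It uses hypothetical stand-ins (`fake_bio`, `fake_bio_new`, `fake_bio_free`, `io_ctx`) with an injectable allocation failure so the error path can be exercised without OpenSSL; the two-object context is an assumption made for illustration.

```c
/* Added example, not httpd or OpenSSL code: fake_bio, fake_bio_new() and
 * fake_bio_free() are hypothetical stand-ins for BIO, BIO_new(), BIO_free(). */
#include <stdlib.h>

typedef struct { int flags; } fake_bio;
struct io_ctx { fake_bio *rbio, *wbio; };
static int fail_at, alloc_no, live; /* fail index (0 = never), attempts, unfreed */

/* Like BIO_new(): returns NULL when the allocation fails. */
static fake_bio *fake_bio_new(void)
{
    fake_bio *b = (++alloc_no == fail_at) ? NULL : calloc(1, sizeof(*b));
    if (b != NULL)
        live++;
    return b;
}

static void fake_bio_free(fake_bio *b) { if (b != NULL) { free(b); live--; } }

/* Returns 0 on success; -1 on failure with nothing leaked or dangling. */
static int io_ctx_init(struct io_ctx *ctx)
{
    ctx->rbio = fake_bio_new();
    ctx->wbio = fake_bio_new();
    if (ctx->rbio == NULL || ctx->wbio == NULL) {
        fake_bio_free(ctx->rbio);     /* either pointer may be NULL here */
        fake_bio_free(ctx->wbio);
        ctx->rbio = ctx->wbio = NULL;
        return -1;
    }
    ctx->rbio->flags = 1;             /* dereference only after the check */
    ctx->wbio->flags = 2;
    return 0;
}

/* Run init with the n-th allocation failing; `live` then shows any leak. */
static int run_with_failure(int n)
{
    struct io_ctx ctx;
    int rc;
    fail_at = n; alloc_no = 0; live = 0;
    if ((rc = io_ctx_init(&ctx)) == 0) {
        fake_bio_free(ctx.rbio);
        fake_bio_free(ctx.wbio);
    }
    return rc;
}

int main(void) { return run_with_failure(1) == -1 && live == 0 ? 0 : 1; }
```

Forcing the first and then the second allocation to fail covers both halves of the NULL check; a non-zero `live` afterwards would indicate that the surviving object was leaked on the error path.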