Bug 65717 - Missing check for the return value of BIO_new()
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl
Version: 2.5-HEAD
Hardware: PC All
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2021-12-01 14:54 UTC by Xiaoke Wang
Modified: 2021-12-18 11:40 UTC

Attachments
check BIO_new allocations (4.16 KB, patch)
2021-12-18 11:40 UTC, Giovanni Bechis

Description Xiaoke Wang 2021-12-01 14:54:55 UTC
A check for the return value of BIO_new() is missing in https://github.com/apache/httpd/blob/d002199454f8bc841509cdffad1c695eeae2ca7e/modules/ssl/ssl_engine_vars.c#L1159, which may further result in wrong memory access when an internal memory error happens in BIO_new().
This bug dates from at least 2.4.51, in httpd-2.4.51/modules/ssl/ssl_engine_vars.c:1086:24.

Similarly, there are several missing checks for BIO_new() in https://github.com/apache/httpd/blob/4d8f1f96b6e6e47a822a8e0d4c3f59d76b38ee87/modules/ssl/ssl_engine_io.c#L2290 & 2292 & 2325 & 2327. And in 2.4.51, they are located in httpd-2.4.51/modules/ssl/ssl_engine_io.c:2193 & 2195 & 2228 & 2230, respectively. 

Once BIO_new() returns NULL, these places will make wrong memory accesses and even result in corruption, as they lack a valid check for BIO_new().
Comment 1 Xiaoke Wang 2021-12-05 03:34:29 UTC
Another one:
In version 2.4.51: httpd-2.4.51/modules/ssl/ssl_util_ocsp.c:38:11.
In the current GitHub repository: https://github.com/apache/httpd/blob/c9f1a0a3010032e666bd6fecbad0c66d427d3f67/modules/ssl/ssl_util_ocsp.c#L38

Though this seems like a test file, it is worth fixing it with the other locations together.
Comment 2 Giovanni Bechis 2021-12-18 11:40:28 UTC
Created attachment 38135
check BIO_new allocations

Check for memory allocations from BIO_new.
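
The kind of check the report asks for, as an added example that is not code from httpd or from the attached patch: two adjacent allocations are each tested before use, and a fault-injection helper exercises the failure path. `stub_BIO`, `stub_BIO_new`, `stub_BIO_free`, `io_pair` and `run_with_failure` are hypothetical stand-ins so the block builds without OpenSSL.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for OpenSSL's BIO, BIO_new() and BIO_free().
 * fail_at makes the n-th allocation return NULL, as BIO_new() does on OOM. */
typedef struct { int kind; } stub_BIO;
static int alloc_calls, fail_at = -1, live_bios;

static stub_BIO *stub_BIO_new(int kind) {
    stub_BIO *b;
    if (alloc_calls++ == fail_at) return NULL;  /* simulated out-of-memory */
    b = malloc(sizeof(*b));
    if (b != NULL) { b->kind = kind; live_bios++; }
    return b;
}
static void stub_BIO_free(stub_BIO *b) { if (b != NULL) { live_bios--; free(b); } }

struct io_pair { stub_BIO *rbio, *wbio; };

/* Checked setup: each allocation result is tested before it is used, and a
 * partial allocation is released so the error path does not leak. */
static int io_pair_init(struct io_pair *p) {
    p->rbio = p->wbio = NULL;
    if ((p->rbio = stub_BIO_new(1)) == NULL) return -1;
    if ((p->wbio = stub_BIO_new(2)) == NULL) {
        stub_BIO_free(p->rbio);
        p->rbio = NULL;
        return -1;
    }
    return 0;
}

/* Runs io_pair_init() with the n-th allocation failing (n < 0: none fail).
 * Returns the init result, or -2 if any BIO is still allocated afterwards. */
static int run_with_failure(int n) {
    struct io_pair p;
    int rc;
    alloc_calls = 0; fail_at = n; live_bios = 0;
    rc = io_pair_init(&p);
    if (rc == 0) { stub_BIO_free(p.rbio); stub_BIO_free(p.wbio); }
    return live_bios == 0 ? rc : -2;
}

int main(void) {
    int n;
    for (n = -1; n < 2; n++)
        printf("fail_at=%d -> %d\n", n, run_with_failure(n));
    return 0;
}
```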