Bug 65905 - modules/ssl/ssl_engine_init.c: Add check for X509_STORE_CTX_init
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl
Version: 2.5-HEAD
Hardware: PC All
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2022-02-21 08:41 UTC by Jiasheng Jiang
Modified: 2022-02-25 09:24 UTC
Attachments
0001-modules-ssl-ssl_engine_init-Add-check-for-X509_STORE_CTX_init.patch (630 bytes, patch)
2022-02-21 08:41 UTC, Jiasheng Jiang
Free sctx and sk (936 bytes, patch)
2022-02-24 12:00 UTC, Giovanni Bechis

Description Jiasheng Jiang 2022-02-21 08:41:59 UTC
Created attachment 38208
0001-modules-ssl-ssl_engine_init-Add-check-for-X509_STORE_CTX_init.patch

Because X509_STORE_CTX_init() can fail,
for example when there is no lock, 'sctx' could fail to
initialize.
Therefore, it would be better to check X509_STORE_CTX_init()
and return an error if it fails.
Comment 1 Giovanni Bechis 2022-02-24 12:00:39 UTC
Created attachment 38212
Free sctx and sk

I think sk should also be freed in this case.
Comment 2 Jiasheng Jiang 2022-02-25 01:47:07 UTC
OK, that's right.
Do I need to submit a new patch, or should we directly use your 'attachment 38212'?
Comment 3 Giovanni Bechis 2022-02-25 09:24:04 UTC
Committed in r1898410.
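
Added example, not the mod_ssl code or either attached patch: the pattern the thread converges on (check the init result, then free both sctx and sk on the error path), with a fault-injection switch so the failure path can be exercised. The types store_ctx and cert_stack, the helper store_ctx_init() and the load_* functions are hypothetical stand-ins for the OpenSSL objects, chosen so the block compiles without libcrypto; only the names sctx and sk and the 1/0 return convention of X509_STORE_CTX_init() come from the report and OpenSSL.

```c
#include <stdlib.h>

/* Stand-ins (assumptions) for the OpenSSL objects named in the report, so
 * the failure path can be forced without linking libcrypto. */
typedef struct { int ready; } store_ctx;   /* plays the role of 'sctx' */
typedef struct { int count; } cert_stack;  /* plays the role of 'sk' */

static int live_objects;     /* allocated and not yet freed */
static int force_init_fail;  /* fault-injection switch */

static void *obj_new(size_t n) {
    void *p = calloc(1, n);
    if (p) live_objects++;
    return p;
}
static void obj_free(void *p) { if (p) { live_objects--; free(p); } }

/* Same convention as X509_STORE_CTX_init(): 1 on success, 0 on failure. */
static int store_ctx_init(store_ctx *c) {
    if (force_init_fail) return 0;
    c->ready = 1;
    return 1;
}

/* Checks the result but returns at once: sctx and sk both leak. */
int load_early_return(int fail) {
    cert_stack *sk = obj_new(sizeof *sk);
    store_ctx *sctx = obj_new(sizeof *sctx);
    force_init_fail = fail;
    if (!sk || !sctx || store_ctx_init(sctx) != 1) return -1;
    obj_free(sctx); obj_free(sk);
    return 0;
}

/* Checks the result and leaves through one cleanup label. */
int load_checked(int fail) {
    int rc = -1;
    cert_stack *sk = obj_new(sizeof *sk);
    store_ctx *sctx = obj_new(sizeof *sctx);
    force_init_fail = fail;
    if (!sk || !sctx) goto cleanup;
    if (store_ctx_init(sctx) != 1) goto cleanup;  /* init failed */
    rc = 0;  /* the real code would use sctx and sk here */
cleanup:
    obj_free(sctx);
    obj_free(sk);
    return rc;
}

int live_count(void) { return live_objects; }
```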