You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by gb...@apache.org on 2022/02/24 11:52:46 UTC
svn commit: r1898368 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
Author: gbechis
Date: Thu Feb 24 11:52:46 2022
New Revision: 1898368
URL: http://svn.apache.org/viewvc?rev=1898368&view=rev
Log:
return early if X509_STORE_CTX_init fails
bz 65902
Modified:
httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1898368&r1=1898367&r2=1898368&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Thu Feb 24 11:52:46 2022
@@ -926,7 +926,10 @@ static int ssl_hook_Access_classic(reque
}
cert_store_ctx = X509_STORE_CTX_new();
- X509_STORE_CTX_init(cert_store_ctx, cert_store, cert, cert_stack);
+ if (!X509_STORE_CTX_init(cert_store_ctx, cert_store, cert, cert_stack)) {
+ X509_STORE_CTX_free(cert_store_ctx);
+ return HTTP_FORBIDDEN;
+ }
depth = SSL_get_verify_depth(ssl);
if (depth >= 0) {