You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by gb...@apache.org on 2022/02/24 11:52:46 UTC

svn commit: r1898368 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Author: gbechis
Date: Thu Feb 24 11:52:46 2022
New Revision: 1898368

URL: http://svn.apache.org/viewvc?rev=1898368&view=rev
Log:
return early if X509_STORE_CTX_init fails
bz 65902

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1898368&r1=1898367&r2=1898368&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Thu Feb 24 11:52:46 2022
@@ -926,7 +926,10 @@ static int ssl_hook_Access_classic(reque
             }
 
             cert_store_ctx = X509_STORE_CTX_new();
-            X509_STORE_CTX_init(cert_store_ctx, cert_store, cert, cert_stack);
+            if (!X509_STORE_CTX_init(cert_store_ctx, cert_store, cert, cert_stack)) {
+                X509_STORE_CTX_free(cert_store_ctx);
+                return HTTP_FORBIDDEN;
+            }
             depth = SSL_get_verify_depth(ssl);
 
             if (depth >= 0) {