Posted to cvs@httpd.apache.org by gb...@apache.org on 2022/02/01 15:29:18 UTC
svn commit: r1897663 - in /httpd/httpd/trunk/modules/ssl: mod_ssl.c ssl_engine_io.c ssl_engine_vars.c ssl_private.h ssl_util_ocsp.c
Author: gbechis
Date: Tue Feb 1 15:29:18 2022
New Revision: 1897663
URL: http://svn.apache.org/viewvc?rev=1897663&view=rev
Log:
check BIO_new(3) return values
Modified:
httpd/httpd/trunk/modules/ssl/mod_ssl.c
httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
httpd/httpd/trunk/modules/ssl/ssl_private.h
httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c
Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=1897663&r1=1897662&r2=1897663&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Tue Feb 1 15:29:18 2022
@@ -642,9 +642,7 @@ int ssl_init_ssl_connection(conn_rec *c,
SSL_set_verify_result(ssl, X509_V_OK);
- ssl_io_filter_init(c, r, ssl);
-
- return APR_SUCCESS;
+ return ssl_io_filter_init(c, r, ssl);
}
static const char *ssl_hook_http_scheme(const request_rec *r)
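Review bot: `ssl_init_ssl_connection()` is declared `int`, and with `return ssl_io_filter_init(c, r, ssl);` it can now hand back `APR_ENOMEM` where this exit previously only returned `APR_SUCCESS`. The start of the function and its callers are outside the hunk, so it is worth confirming that every caller treats any non-zero value as a failed TLS setup and does not continue with a connection that has no BIOs attached. A short comment above the return would record the contract, for example `/* may return APR_ENOMEM; the caller must abort the connection */`.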
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_io.c?rev=1897663&r1=1897662&r2=1897663&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_io.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_io.c Tue Feb 1 15:29:18 2022
@@ -2320,7 +2320,7 @@ static apr_status_t ssl_io_filter_buffer
/* The request_rec pointer is passed in here only to ensure that the
* filter chain is modified correctly when doing a TLS upgrade. It
* must *not* be used otherwise. */
-static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
+static apr_status_t ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
request_rec *r, SSL *ssl)
{
bio_filter_in_ctx_t *inctx;
@@ -2334,6 +2334,9 @@ static void ssl_io_input_add_filter(ssl_
#else
filter_ctx->pbioRead = BIO_new(bio_filter_in_method);
#endif
+ if(filter_ctx->pbioRead == NULL) {
+ return APR_ENOMEM;
+ }
BIO_set_data(filter_ctx->pbioRead, (void *)inctx);
inctx->c = c;
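Review bot: The new `if(filter_ctx->pbioRead == NULL)` branch returns `APR_ENOMEM` silently, so a connection dropped here leaves nothing in the error log for an operator to correlate. Consider logging at error level through the connection logger before the return. Whatever `ssl_io_input_add_filter()` set up before the `BIO_new()` call lies outside this hunk, so it should be confirmed that nothing already registered still points at the partly initialised `inctx`. On style, the surrounding code writes `if (`, so `if (filter_ctx->pbioRead == NULL) {` would match; the same spacing applies to the checks added in `ssl_io_filter_init()`, `ssl_ext_list()` and `serialize_request()`.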
@@ -2347,14 +2350,16 @@ static void ssl_io_input_add_filter(ssl_
inctx->block = APR_BLOCK_READ;
inctx->pool = c->pool;
inctx->filter_ctx = filter_ctx;
+ return APR_SUCCESS;
}
/* The request_rec pointer is passed in here only to ensure that the
* filter chain is modified correctly when doing a TLS upgrade. It
* must *not* be used otherwise. */
-void ssl_io_filter_init(conn_rec *c, request_rec *r, SSL *ssl)
+apr_status_t ssl_io_filter_init(conn_rec *c, request_rec *r, SSL *ssl)
{
ssl_filter_ctx_t *filter_ctx;
+ apr_status_t rv = APR_SUCCESS;
filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t));
@@ -2370,9 +2375,15 @@ void ssl_io_filter_init(conn_rec *c, req
#else
filter_ctx->pbioWrite = BIO_new(bio_filter_out_method);
#endif
+ if(filter_ctx->pbioWrite == NULL) {
+ return APR_ENOMEM;
+ }
BIO_set_data(filter_ctx->pbioWrite, (void *)bio_filter_out_ctx_new(filter_ctx, c));
- ssl_io_input_add_filter(filter_ctx, c, r, ssl);
+ rv = ssl_io_input_add_filter(filter_ctx, c, r, ssl);
+ if(rv != APR_SUCCESS) {
+ return rv;
+ }
SSL_set_bio(ssl, filter_ctx->pbioRead, filter_ctx->pbioWrite);
filter_ctx->pssl = ssl;
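Review bot: When `ssl_io_input_add_filter()` fails, the `return rv;` path leaves the write BIO created just above allocated. `filter_ctx` comes from `apr_palloc(c->pool, ...)`, but an OpenSSL BIO is not pool memory, and ownership only passes to `ssl` at the later `SSL_set_bio()` call, so the error path should release it: `BIO_free(filter_ctx->pbioWrite);` before `return rv;`. The leak occurs only under memory pressure, which is exactly when it matters. The lines between the `apr_palloc()` and the `BIO_new()` are outside this hunk; if an output filter is added there, both early returns leave it in the chain with an incomplete `filter_ctx`, which is worth checking.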
@@ -2391,7 +2402,7 @@ void ssl_io_filter_init(conn_rec *c, req
}
}
- return;
+ return APR_SUCCESS;
}
void ssl_io_filter_register(apr_pool_t *p)
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c?rev=1897663&r1=1897662&r2=1897663&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c Tue Feb 1 15:29:18 2022
@@ -1157,6 +1157,11 @@ apr_array_header_t *ssl_ext_list(apr_poo
if (OBJ_cmp(X509_EXTENSION_get_object(ext), oid) == 0) {
BIO *bio = BIO_new(BIO_s_mem());
+ if(bio == NULL) {
+ X509_free(xs);
+ ASN1_OBJECT_free(oid);
+ return NULL;
+ }
/* We want to obtain a string representation of the extensions
* value and add it to the array we're building.
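Review bot: The early return under `if(bio == NULL)` calls `X509_free(xs)` unconditionally, and that needs to match how `ssl_ext_list()` releases `xs` on its normal exit, which is outside this hunk. If `xs` can come from a getter that does not take a reference (for example `SSL_get_certificate()`), this call drops a reference the function does not own and can lead to a later use-after-free of the certificate. In that case the free here should be guarded by the same condition as the regular cleanup. Returning `NULL` also discards any extension values already collected, so callers need to distinguish it from "no matching extension".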
Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1897663&r1=1897662&r2=1897663&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Tue Feb 1 15:29:18 2022
@@ -1010,7 +1010,7 @@ void modssl_callback_keylog(cons
#endif
/** I/O */
-void ssl_io_filter_init(conn_rec *, request_rec *r, SSL *);
+apr_status_t ssl_io_filter_init(conn_rec *, request_rec *r, SSL *);
void ssl_io_filter_register(apr_pool_t *);
long ssl_io_data_cb(BIO *, int, const char *, int, long, long);
Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c?rev=1897663&r1=1897662&r2=1897663&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_ocsp.c Tue Feb 1 15:29:18 2022
@@ -36,6 +36,9 @@ static BIO *serialize_request(OCSP_REQUE
len = i2d_OCSP_REQUEST(req, NULL);
bio = BIO_new(BIO_s_mem());
+ if(bio == NULL) {
+ return NULL;
+ }
BIO_printf(bio, "POST ");
/* Use full URL instead of URI in case of a request through a proxy */