If ssl_cert_dup() fails in SSL_set_SSL_CTX(3), return failure - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	schwarze <>	2020-09-18 16:18:56 +0000
committer	schwarze <>	2020-09-18 16:18:56 +0000
commit	a4fede3dd4df29c213d7d3e5ba6b126d77af33b5 (patch)
tree	22cef703eb6773ec5445f164a36eb80856fb0432 /src/regress/lib/libc/sys/t_getitimer.c
parent	fba76a3645753641e00c78f5e5f52e3c86bd1426 (diff)
download	openbsd-a4fede3dd4df29c213d7d3e5ba6b126d77af33b5.tar.gz openbsd-a4fede3dd4df29c213d7d3e5ba6b126d77af33b5.tar.bz2 openbsd-a4fede3dd4df29c213d7d3e5ba6b126d77af33b5.zip

If ssl_cert_dup() fails in SSL_set_SSL_CTX(3), return failure

rather than silently leaving a NULL pointer in ssl->cert. Kurt Roeckx fixed the same bug similarly in OpenSSL in 2015. While here, (1) make the code easier to read and more robust by returning right away when ssl still uses the context it was created from and the ctx argument is NULL, rather than doing a lot of work that changes nothing unless data is already corrupt, and (2) use the shorter and more inituitive SSL_CTX_up_ref(3) rather than manually calling CRYPTO_add(3), which means no functional change and is also in the OpenSSL 1.1 branch. OK tb@

Diffstat (limited to 'src/regress/lib/libc/sys/t_getitimer.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: