From db6281c6da9f0680a4284ec6cb9ea68ce90b7399 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Fri, 23 Dec 2022 02:27:47 +0000
Subject: Fix an unchecked strdup() in UI_create_method().

ok tb@
---
 src/lib/libcrypto/ui/ui_lib.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/ui/ui_lib.c b/src/lib/libcrypto/ui/ui_lib.c
index e36c270a87..8811bf86c7 100644
--- a/src/lib/libcrypto/ui/ui_lib.c
+++ b/src/lib/libcrypto/ui/ui_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ui_lib.c,v 1.48 2022/12/23 02:26:16 jsing Exp $ */
+/* $OpenBSD: ui_lib.c,v 1.49 2022/12/23 02:27:47 jsing Exp $ */
 /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
  * project 2001.
  */
@@ -561,16 +561,25 @@ UI_set_method(UI *ui, const UI_METHOD *meth)
 }
 LCRYPTO_ALIAS(UI_set_method)
 
-
 UI_METHOD *
 UI_create_method(const char *name)
 {
-	UI_METHOD *ui_method = calloc(1, sizeof(UI_METHOD));
+	UI_METHOD *method = NULL;
+
+	if ((method = calloc(1, sizeof(UI_METHOD))) == NULL)
+		goto err;
 
-	if (ui_method && name)
-		ui_method->name = strdup(name);
+	if (name != NULL) {
+		if ((method->name = strdup(name)) == NULL)
+			goto err;
+	}
 
-	return ui_method;
+	return method;
+
+ err:
+	UI_destroy_method(method);
+
+	return NULL;
 }
 LCRYPTO_ALIAS(UI_create_method)
 
-- 
cgit v1.2.3-55-g6feb