crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup

Since the potential failure of memory allocation, it should be better to check the return value of the OPENSSL_strndup(), like x509v3_add_len_value(). And following the comment of 'if (astrlen < 0)', return -1 if fails. Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17737)
2025-01-18 13:44:20 +08:00 · 2022-02-21 09:51:54 +08:00 · 2022-02-21 09:51:54 +08:00 · 366a162639
commit 366a162639
parent 885d97fbf8
1 changed files with 10 additions and 2 deletions
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@ -833,8 +833,11 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal,
            rv = equal(a->data, a->length, (unsigned char *)b, blen, flags);
        else if (a->length == (int)blen && !memcmp(a->data, b, blen))
            rv = 1;
-        if (rv > 0 && peername)
+        if (rv > 0 && peername != NULL) {
            *peername = OPENSSL_strndup((char *)a->data, a->length);
+            if (*peername == NULL)
+                return -1;
+        }
    } else {
        int astrlen;
        unsigned char *astr;
@ -847,8 +850,13 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal,
            return -1;
        }
        rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
-        if (rv > 0 && peername)
+        if (rv > 0 && peername != NULL) {
            *peername = OPENSSL_strndup((char *)astr, astrlen);
+            if (*peername == NULL) {
+                OPENSSL_free(astr);
+                return -1;
+            }
+        }
        OPENSSL_free(astr);
    }
    return rv;