From a560c06af7d9ba68cb0e82d1d25652b9a6a5a336 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Fri, 31 Jul 2020 11:43:20 +0200 Subject: [PATCH] BUG/MEDIUM: ssl: check OCSP calloc in ssl_sock_load_ocsp() Check the return of the calloc in ssl_sock_load_ocsp() which could lead to a NULL dereference. This was introduced by commit be2774d ("MEDIUM: ssl: Added support for Multi-Cert OCSP Stapling"). Could be backported as far as 1.7. --- src/ssl_sock.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 69f6835c4..f98c5c071 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1342,9 +1342,13 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const struct cert_key_and_chain *ckc SSL_CTX_get_tlsext_status_cb(ctx, &callback); if (!callback) { - struct ocsp_cbk_arg *cb_arg = calloc(1, sizeof(*cb_arg)); + struct ocsp_cbk_arg *cb_arg; EVP_PKEY *pkey; + cb_arg = calloc(1, sizeof(*cb_arg)); + if (!cb_arg) + goto out; + cb_arg->is_single = 1; cb_arg->s_ocsp = iocsp;