diff options
author | Giovanni Bechis <gbechis@apache.org> | 2022-02-24 11:52:46 +0000 |
---|---|---|
committer | Giovanni Bechis <gbechis@apache.org> | 2022-02-24 11:52:46 +0000 |
commit | 80a4538022762794dc9e04dd5886a9bfce61418d (patch) | |
tree | 49a3d9fafc56380d4bf2e654bdd59cc62a755543 /modules/ssl | |
parent | 92da7145f54fc9b5369fd8444cf8a3a968ef2bcf (diff) | |
download | httpd-80a4538022762794dc9e04dd5886a9bfce61418d.tar.gz |
return early if X509_STORE_CTX_init fails
bz 65902
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898368 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/ssl')
-rw-r--r-- | modules/ssl/ssl_engine_kernel.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index a175d3e075..b5f5379a89 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -926,7 +926,10 @@ static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirCo } cert_store_ctx = X509_STORE_CTX_new(); - X509_STORE_CTX_init(cert_store_ctx, cert_store, cert, cert_stack); + if (!X509_STORE_CTX_init(cert_store_ctx, cert_store, cert, cert_stack)) { + X509_STORE_CTX_free(cert_store_ctx); + return HTTP_FORBIDDEN; + } depth = SSL_get_verify_depth(ssl); if (depth >= 0) { |