diff options
author | MrRurikov <96385824+MrRurikov@users.noreply.github.com> | 2024-02-21 11:11:34 +0300 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-02-22 12:45:37 +0100 |
commit | 36332d996412cc77b444e0ea4a65d36ee494dd3d (patch) | |
tree | 9aa80282afb66ab71a8660943fc84a7c5fe63a47 | |
parent | 801eed6e29623584914824dcfec15ec8e3a86dd3 (diff) |
s_cb.c: Add missing return value checks
Return value of function 'SSL_CTX_ctrl', that is called from
SSL_CTX_set1_verify_cert_store() and SSL_CTX_set1_chain_cert_store(),
is not checked, but it is usually checked for this function.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23647)
(cherry picked from commit 6f794b461c6e16c8afb996ee190e084cbbddb6b8)
-rw-r--r-- | apps/lib/s_cb.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index b27518c763..818c525264 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -1321,7 +1321,8 @@ int ssl_load_stores(SSL_CTX *ctx, if (vfyCAstore != NULL && !X509_STORE_load_store(vfy, vfyCAstore)) goto err; add_crls_store(vfy, crls); - SSL_CTX_set1_verify_cert_store(ctx, vfy); + if (SSL_CTX_set1_verify_cert_store(ctx, vfy) == 0) + goto err; if (crl_download) store_setup_crl_download(vfy); } @@ -1335,7 +1336,8 @@ int ssl_load_stores(SSL_CTX *ctx, goto err; if (chCAstore != NULL && !X509_STORE_load_store(ch, chCAstore)) goto err; - SSL_CTX_set1_chain_cert_store(ctx, ch); + if (SSL_CTX_set1_chain_cert_store(ctx, ch) == 0) + goto err; } rv = 1; err: |