Do not prepend $OPENSSL_CONF_INCLUDE to absolute include paths

Also check for malloc failure and do not add '/' when
$OPENSSL_CONF_INCLUDE already ends with directory separator.

Fixes #13302

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13306)

1 files changed, 9 insertions, 2 deletions

diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 63dfaef4d8..dd2d16647a 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -414,12 +414,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                 if (!str_copy(conf, psection, &include, p))
                     goto err;
 
-                if (include_dir != NULL) {
+                if (include_dir != NULL && !ossl_is_absolute_path(include)) {
                     size_t newlen = strlen(include_dir) + strlen(include) + 2;
 
                     include_path = OPENSSL_malloc(newlen);
+                    if (include_path == NULL) {
+                        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                        OPENSSL_free(include);
+                        goto err;
+                    }
+
                     OPENSSL_strlcpy(include_path, include_dir, newlen);
-                    OPENSSL_strlcat(include_path, "/", newlen);
+                    if (!ossl_ends_with_dirsep(include_path))
+                        OPENSSL_strlcat(include_path, "/", newlen);
                     OPENSSL_strlcat(include_path, include, newlen);
                     OPENSSL_free(include);
                 } else {