Check the return from OPENSSL_buf2hexstr()

The function OPENSSL_buf2hexstr() can return NULL if it fails to allocate
memory so the callers should check its return value.

Fixes #10525

Reported-by: Ziyang Li (@Liby99)

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10526)

1 files changed, 10 insertions, 1 deletions

diff --git a/crypto/x509/v3_akey.c b/crypto/x509/v3_akey.c
index b656b4b502..4898869b0b 100644
--- a/crypto/x509/v3_akey.c
+++ b/crypto/x509/v3_akey.c
@@ -42,13 +42,22 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
     char *tmp;
     if (akeyid->keyid) {
         tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
-        X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL, tmp, &extlist);
+        if (tmp == NULL) {
+            ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL,
+                         tmp, &extlist);
         OPENSSL_free(tmp);
     }
     if (akeyid->issuer)
         extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
     if (akeyid->serial) {
         tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
+        if (tmp == NULL) {
+            ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
         X509V3_add_value("serial", tmp, &extlist);
         OPENSSL_free(tmp);
     }