From 42772df59bef7422060fbe70551c72d804bc669a Mon Sep 17 00:00:00 2001
From: Todd Short <todd.short@me.com>
Date: Fri, 13 Oct 2023 10:18:52 -0400
Subject: Fix potential NULL deref in ssl_old_test.c

Fix #22367

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22383)
---
 test/ssl_old_test.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c
index fe168472d3..b0f4ae3ac5 100644
--- a/test/ssl_old_test.c
+++ b/test/ssl_old_test.c
@@ -906,7 +906,8 @@ int main(int argc, char *argv[])
         { APP_CALLBACK_STRING, 0 };
     SSL_CTX *c_ctx = NULL;
     const SSL_METHOD *meth = NULL;
-    SSL *c_ssl, *s_ssl;
+    SSL *c_ssl = NULL;
+    SSL *s_ssl = NULL;
     int number = 1, reuse = 0;
     int should_reuse = -1;
     int no_ticket = 0;
@@ -1769,6 +1770,8 @@ int main(int argc, char *argv[])
 
     c_ssl = SSL_new(c_ctx);
     s_ssl = SSL_new(s_ctx);
+    if (c_ssl == NULL || s_ssl == NULL)
+        goto end;
 
     if (sn_client)
         SSL_set_tlsext_host_name(c_ssl, sn_client);
@@ -1829,10 +1832,11 @@ int main(int argc, char *argv[])
         case BIO_IPV4:
         case BIO_IPV6:
             ret = EXIT_FAILURE;
-            goto err;
+            goto end;
 #endif
         }
-        if (ret != EXIT_SUCCESS)  break;
+        if (ret != EXIT_SUCCESS)
+            break;
     }
 
     if (should_negotiate && ret == EXIT_SUCCESS &&
@@ -1842,13 +1846,13 @@ int main(int argc, char *argv[])
         if (version < 0) {
             BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
             ret = EXIT_FAILURE;
-            goto err;
+            goto end;
         }
         if (SSL_version(c_ssl) != version) {
             BIO_printf(bio_err, "Unexpected version negotiated. "
                 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
             ret = EXIT_FAILURE;
-            goto err;
+            goto end;
         }
     }
 
@@ -1859,20 +1863,20 @@ int main(int argc, char *argv[])
                 "Expected: %d, server: %d, client: %d\n", should_reuse,
                 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
             ret = EXIT_FAILURE;
-            goto err;
+            goto end;
         }
     }
 
     if (server_sess_out != NULL) {
         if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
             ret = EXIT_FAILURE;
-            goto err;
+            goto end;
         }
     }
     if (client_sess_out != NULL) {
         if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
             ret = EXIT_FAILURE;
-            goto err;
+            goto end;
         }
     }
 
@@ -1898,11 +1902,9 @@ int main(int argc, char *argv[])
 #endif
     }
 
- err:
+ end:
     SSL_free(s_ssl);
     SSL_free(c_ssl);
-
- end:
     SSL_CTX_free(s_ctx);
     SSL_CTX_free(s_ctx2);
     SSL_CTX_free(c_ctx);
-- 
cgit v1.2.3