From 125ab7da2aa00c37a379f0156c1ed78a79481021 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?=
Date: Thu, 1 Sep 2022 14:59:43 +0200
Subject: [PATCH] src: improve error handling in CloneSSLCerts

If sk_X509_new() returns NULL or if sk_X509_push() fails, return instead of silently ignoring the error.

PR-URL: https://github.com/nodejs/node/pull/44410
Reviewed-By: Ben Noordhuis
Reviewed-By: James M Snell
Reviewed-By: Filip Skokan
---
 src/crypto/crypto_common.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc
index e47044be506a13..3bf480f8f0c77d 100644
--- a/src/crypto/crypto_common.cc
+++ b/src/crypto/crypto_common.cc
@@ -323,8 +323,9 @@ constexpr auto GetCipherVersion = GetCipherValue;
 StackOfX509 CloneSSLCerts(X509Pointer&& cert,
 const STACK_OF(X509)* const ssl_certs) {
 StackOfX509 peer_certs(sk_X509_new(nullptr));
- if (cert)
- sk_X509_push(peer_certs.get(), cert.release());
+ if (!peer_certs) return StackOfX509();
+ if (cert && !sk_X509_push(peer_certs.get(), cert.release()))
+ return StackOfX509();
 for (int i = 0; i < sk_X509_num(ssl_certs); i++) {
 X509Pointer cert(X509_dup(sk_X509_value(ssl_certs, i)));
 if (!cert || !sk_X509_push(peer_certs.get(), cert.get()))
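Review bot: On the added line `if (cert && !sk_X509_push(peer_certs.get(), cert.release()))`, `cert.release()` gives up ownership before the push is known to have succeeded. When `sk_X509_push()` fails, the X509 is therefore owned by neither `cert` nor the stack, and it leaks on the new early return. Assuming `X509Pointer` behaves like `std::unique_ptr`, pushing the borrowed pointer and releasing only after success closes that path: `if (cert && !sk_X509_push(peer_certs.get(), cert.get()))` / `return StackOfX509();` / `cert.release();  // now owned by the stack`. The loop's context line already pushes `cert.get()`, so this would also make the two pushes consistent. The function body continues past the end of the hunk, so whether the loop releases after a successful push is not visible here.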