From 82cfb500b2f5e9329aaf9c640e34b6b1526a2178 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Thu, 1 Sep 2022 14:59:43 +0200 Subject: [PATCH] src: improve error handling in CloneSSLCerts If sk_X509_new() returns NULL or if sk_X509_push() fails, return instead of silently ignoring the error. PR-URL: https://github.com/nodejs/node/pull/44410 Reviewed-By: Ben Noordhuis Reviewed-By: James M Snell Reviewed-By: Filip Skokan --- src/crypto/crypto_common.cc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc index e47044be506a13..3bf480f8f0c77d 100644 --- a/src/crypto/crypto_common.cc +++ b/src/crypto/crypto_common.cc @@ -323,8 +323,9 @@ constexpr auto GetCipherVersion = GetCipherValue; StackOfX509 CloneSSLCerts(X509Pointer&& cert, const STACK_OF(X509)* const ssl_certs) { StackOfX509 peer_certs(sk_X509_new(nullptr)); - if (cert) - sk_X509_push(peer_certs.get(), cert.release()); + if (!peer_certs) return StackOfX509(); + if (cert && !sk_X509_push(peer_certs.get(), cert.release())) + return StackOfX509(); for (int i = 0; i < sk_X509_num(ssl_certs); i++) { X509Pointer cert(X509_dup(sk_X509_value(ssl_certs, i))); if (!cert || !sk_X509_push(peer_certs.get(), cert.get()))