NULL *response on error in wolfSSL_d2i_OCSP_RESPONSE.

Thanks to Zou Dikai for the report.
Kareem
2026-05-20 16:31:32 -07:00
parent 872a03a056
commit a28ea7ac1c
2 changed files with 17 additions and 0 deletions
+8
@@ -1286,6 +1286,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
resp->source = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (resp->source == NULL) {
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
if (response != NULL && *response == resp)
*response = NULL;
return NULL;
}
resp->single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL,
@@ -1293,6 +1295,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
if (resp->single == NULL) {
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
if (response != NULL && *response == resp)
*response = NULL;
return NULL;
}
XMEMSET(resp->single, 0, sizeof(OcspEntry));
@@ -1303,6 +1307,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY);
XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
if (response != NULL && *response == resp)
*response = NULL;
return NULL;
}
XMEMSET(resp->single->status, 0, sizeof(CertStatus));
@@ -1315,6 +1321,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
/* for just converting from a DER to an internal structure the CA may
* not yet be known to this function for signature verification */
wolfSSL_OCSP_RESPONSE_free(resp);
if (response != NULL && *response == resp)
*response = NULL;
return NULL;
}
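Review bot: In all four error paths the new check `*response == resp` runs after `resp` has already been handed to `XFREE` or `wolfSSL_OCSP_RESPONSE_free`, so it reads a pointer whose value is indeterminate once the object is freed. Doing the clear first, `if (response != NULL && *response == resp) *response = NULL;` ahead of the free calls, keeps the same effect without depending on a freed pointer's value. The same two lines are now repeated four times; a single failure label that frees and then clears would make it harder for a later error path to leave the caller's pointer dangling. The function starts and ends outside these hunks, so the fact that `resp` can alias `*response` on entry is inferred from the check and from the accompanying test.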
+9
@@ -247,6 +247,15 @@ int test_ocsp_basic_verify(void)
ExpectNull(
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_bad)));
/* reuse failure must clear caller pointer */
ptr = (const unsigned char*)resp;
ExpectNotNull(
response = wolfSSL_d2i_OCSP_RESPONSE(&response, &ptr, sizeof(resp)));
ptr = (const unsigned char*)resp_bad;
ExpectNull(
wolfSSL_d2i_OCSP_RESPONSE(&response, &ptr, sizeof(resp_bad)));
ExpectNull(response);
ptr = (const unsigned char*)resp;
ExpectNotNull(
response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)));
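Review bot: The new case drives only the parse failure with `resp_bad`, which presumably reaches the last patched error path; the three allocation-failure paths that received the same clear are not exercised here. `ExpectNull(response)` also shows only that the caller's pointer was cleared, so a double free or leak of the reused object would surface only when the test runs under a memory checker. The comment could say why the clear matters, e.g. `/* a failed call that reused *response frees the object, so the caller's pointer must come back NULL */`. test_ocsp_basic_verify begins and ends outside the hunk.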