From a28ea7ac1cb01d4172453d646872b96b0f5c79d0 Mon Sep 17 00:00:00 2001 From: Kareem Date: Wed, 20 May 2026 16:31:32 -0700 Subject: [PATCH] NULL *response on error in wolfSSL_d2i_OCSP_RESPONSE. Thanks to Zou Dikai for the report. --- src/ocsp.c | 8 ++++++++ tests/api/test_ocsp.c | 9 +++++++++ 2 files changed, 17 insertions(+) diff --git a/src/ocsp.c b/src/ocsp.c index b90fcc8af9..7aae36d075 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -1286,6 +1286,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, resp->source = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (resp->source == NULL) { XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + if (response != NULL && *response == resp) + *response = NULL; return NULL; } resp->single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL, @@ -1293,6 +1295,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, if (resp->single == NULL) { XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + if (response != NULL && *response == resp) + *response = NULL; return NULL; } XMEMSET(resp->single, 0, sizeof(OcspEntry)); @@ -1303,6 +1307,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(resp->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); XFREE(resp, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + if (response != NULL && *response == resp) + *response = NULL; return NULL; } XMEMSET(resp->single->status, 0, sizeof(CertStatus)); @@ -1315,6 +1321,8 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, /* for just converting from a DER to an internal structure the CA may * not yet be known to this function for signature verification */ wolfSSL_OCSP_RESPONSE_free(resp); + if (response != NULL && *response == resp) + *response = NULL; return NULL; } diff --git a/tests/api/test_ocsp.c b/tests/api/test_ocsp.c index bd4a0633bb..7945c1433c 100644 --- a/tests/api/test_ocsp.c +++ b/tests/api/test_ocsp.c @@ -247,6 +247,15 @@ int test_ocsp_basic_verify(void) ExpectNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_bad))); + /* reuse failure must clear caller pointer */ + ptr = (const unsigned char*)resp; + ExpectNotNull( + response = wolfSSL_d2i_OCSP_RESPONSE(&response, &ptr, sizeof(resp))); + ptr = (const unsigned char*)resp_bad; + ExpectNull( + wolfSSL_d2i_OCSP_RESPONSE(&response, &ptr, sizeof(resp_bad))); + ExpectNull(response); + ptr = (const unsigned char*)resp; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp)));