From: Pauli <paul.dale@oracle.com>
Date: Sun, 26 Apr 2020 23:32:14 +0000 (+1000)
Subject: coverity 1462581 Dereference after null check
X-Git-Tag: openssl-3.0.0-alpha2~108
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=64e54bf5c6657bf423d3ba463f31095d598d94e7

coverity 1462581 Dereference after null check

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11651)
---

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 51bfa439f0..408404958e 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -872,7 +872,10 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
             untrusted = cpk->chain;
     }
 
-    xs_ctx = X509_STORE_CTX_new_with_libctx(s->ctx->libctx, s->ctx->propq);
+    if (s == NULL)
+        xs_ctx = X509_STORE_CTX_new_with_libctx(ctx->libctx, ctx->propq);
+    else
+        xs_ctx = X509_STORE_CTX_new_with_libctx(s->ctx->libctx, s->ctx->propq);
     if (xs_ctx == NULL) {
         SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
         goto err;