Add check for the return value of xor_get_aid() in order to avoid NULL pointer deference.
For example, "algor" could be NULL if the allocation of X509_ALGOR_new() fails. As a result, i2d_X509_ALGOR() will return 0 and "ctx->aid" will be an invalid value NULL.
Fixes: f4ed6eed2c ("SSL_set1_groups_list(): Fix memory corruption with 40 groups and more")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23764)
OPENSSL_free(ctx->aid);
ctx->aid = NULL;
ctx->aid_len = xor_get_aid(&(ctx->aid), ctx->sig->tls_name);
+ if (ctx->aid_len <= 0) {
+ EVP_MD_free(md);
+ return 0;
+ }
ctx->mdctx = NULL;
ctx->md = md;