Fix potential NULL deref in ssl_old_test.c

Fix #22367

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22383)

(cherry picked from commit 42772df59bef7422060fbe70551c72d804bc669a)

diff --git a/test/ssl_old_test.c b/test/ssl_old_test.c
index 0a7d78d564cf7c90d3bb54e9b6253d32eca661bb..2f141d00df231d029bae33b0fc7656e962353d74 100644 (file)
--- a/test/ssl_old_test.c
+++ b/test/ssl_old_test.c
@@ -894,7 +894,8 @@ int main(int argc, char *argv[])
         { APP_CALLBACK_STRING, 0 };
     SSL_CTX *c_ctx = NULL;
     const SSL_METHOD *meth = NULL;
-    SSL *c_ssl, *s_ssl;
+    SSL *c_ssl = NULL;
+    SSL *s_ssl = NULL;
     int number = 1, reuse = 0;
     int should_reuse = -1;
     int no_ticket = 0;
@@ -1759,6 +1760,8 @@ int main(int argc, char *argv[])
 
     c_ssl = SSL_new(c_ctx);
     s_ssl = SSL_new(s_ctx);
+    if (c_ssl == NULL || s_ssl == NULL)
+        goto end;
 
     if (sn_client)
         SSL_set_tlsext_host_name(c_ssl, sn_client);
@@ -1819,10 +1822,11 @@ int main(int argc, char *argv[])
         case BIO_IPV4:
         case BIO_IPV6:
             ret = EXIT_FAILURE;
-            goto err;
+            goto end;
 #endif
         }
-        if (ret != EXIT_SUCCESS)  break;
+        if (ret != EXIT_SUCCESS)
+            break;
     }
 
     if (should_negotiate && ret == EXIT_SUCCESS &&
@@ -1832,13 +1836,13 @@ int main(int argc, char *argv[])
         if (version < 0) {
             BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
             ret = EXIT_FAILURE;
-            goto err;
+            goto end;
         }
         if (SSL_version(c_ssl) != version) {
             BIO_printf(bio_err, "Unexpected version negotiated. "
                 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
             ret = EXIT_FAILURE;
-            goto err;
+            goto end;
         }
     }
 
@@ -1849,20 +1853,20 @@ int main(int argc, char *argv[])
                 "Expected: %d, server: %d, client: %d\n", should_reuse,
                 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
             ret = EXIT_FAILURE;
-            goto err;
+            goto end;
         }
     }
 
     if (server_sess_out != NULL) {
         if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
             ret = EXIT_FAILURE;
-            goto err;
+            goto end;
         }
     }
     if (client_sess_out != NULL) {
         if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
             ret = EXIT_FAILURE;
-            goto err;
+            goto end;
         }
     }
 
@@ -1888,11 +1892,9 @@ int main(int argc, char *argv[])
 #endif
     }
 
- err:
+ end:
     SSL_free(s_ssl);
     SSL_free(c_ssl);
-
- end:
     SSL_CTX_free(s_ctx);
     SSL_CTX_free(s_ctx2);
     SSL_CTX_free(c_ctx);