check the return value of BIO_new() in t_x509.c:471 & cmp_vfy.c:36
authorx2018 <xkernel.wang@foxmail.com>
Wed, 1 Dec 2021 06:29:58 +0000 (14:29 +0800)
committerPauli <ppzgs1@gmail.com>
Fri, 10 Dec 2021 04:20:29 +0000 (15:20 +1100)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17175)

crypto/cmp/cmp_vfy.c
crypto/x509/t_x509.c

index d3d9cca0d4180fb6b19a20d9b732698b6f97b5e8..d9fd23425b559e3f74f00fe7da595a84e73f919c 100644 (file)
@@ -34,7 +34,10 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
         return 0;
 
     bio = BIO_new(BIO_s_mem()); /* may be NULL */
-
+    if (bio == NULL) {
+        ERR_raise(ERR_LIB_CMP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
     /* verify that keyUsage, if present, contains digitalSignature */
     if (!cmp_ctx->ignore_keyusage
             && (X509_get_key_usage(cert) & X509v3_KU_DIGITAL_SIGNATURE) == 0) {
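Review bot: The trailing `/* may be NULL */` on the `bio = BIO_new(BIO_s_mem());` line is stale once the added check returns on NULL, and the same leftover comment sits on the `BIO *bio` declaration in the t_x509.c hunk; both should be dropped or reworded. The old comment suggests that later uses of `bio` tolerated NULL, so under memory pressure `verify_signature()` now returns 0 where it previously only lost a diagnostic. That fails closed, which is the right direction for a signature check, but a caller that looks only at the return value cannot tell it from a bad signature, and the `ERR_R_MALLOC_FAILURE` entry is the only distinguishing signal. I would state this at the check, e.g. `/* fail closed: this is an allocation failure, not a signature mismatch */`, and keep a blank line between the assignment and the `if`, as the other hunk does. The function starts and continues outside this hunk, so how `bio` is used later is inferred from the old comment rather than seen.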
index 95ee5f519fdddca24672cc2c36f8c77d7ea8f3c5..ae39b0f231a1a8ec5e7c4924226de81bb7fa4bbd 100644 (file)
@@ -470,6 +470,10 @@ int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx)
         int cert_error = X509_STORE_CTX_get_error(ctx);
         BIO *bio = BIO_new(BIO_s_mem()); /* may be NULL */
 
+        if (bio == NULL) {
+            ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
         BIO_printf(bio, "%s at depth = %d error = %d (%s)\n",
                    X509_STORE_CTX_get0_parent_ctx(ctx) != NULL
                    ? "CRL path validation"
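Review bot: The added `return 0;` carries no comment on what 0 means to the caller. The function's name and `(int ok, X509_STORE_CTX *ctx)` signature suggest a verify callback, where 0 would reject the certificate, so failing to allocate the message buffer ends in rejection. That is the safe outcome, but it is worth stating above the `return`, e.g. `/* no buffer for the diagnostic; still reject */`. The block is indented one level, so the condition guarding it lies outside the hunk and whether `ok` is already 0 at this point cannot be confirmed from here.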