diff options
author | Ilya Shipitsin <chipitsine@gmail.com> | 2023-08-16 23:47:14 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-16 23:47:14 +0300 |
commit | 5d8ff7ed4fe5d79d191513a5917e28e2d3273b71 (patch) | |
tree | babf9c2896aab2e4c13864b8a8e8763f255c1e12 | |
parent | acb6a53b313bc6bdda52555f5bc8fedd061b122f (diff) | |
parent | 8f8677f164cc5eb92d41cb4255cdaed3a9ad28bb (diff) |
Merge pull request #1887 from chipitsine/master
additional error handling if SSL_CTX_new failed
-rw-r--r-- | src/Cedar/Proto_OpenVPN.c | 4 | ||||
-rw-r--r-- | src/Cedar/Proto_PPP.c | 6 | ||||
-rw-r--r-- | src/Cedar/Radius.c | 5 | ||||
-rw-r--r-- | src/Mayaqua/Network.c | 8 |
4 files changed, 23 insertions, 0 deletions
diff --git a/src/Cedar/Proto_OpenVPN.c b/src/Cedar/Proto_OpenVPN.c index 3b4e38c8..9143d46f 100644 --- a/src/Cedar/Proto_OpenVPN.c +++ b/src/Cedar/Proto_OpenVPN.c @@ -824,6 +824,10 @@ void OvsProcessRecvControlPacket(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN }
c->SslPipe = NewSslPipeEx(true, s->Cedar->ServerX, s->Cedar->ServerK, s->Dh, true, &c->ClientCert);
+ if (c->SslPipe == NULL)
+ {
+ return;
+ }
}
Unlock(s->Cedar->lock);
diff --git a/src/Cedar/Proto_PPP.c b/src/Cedar/Proto_PPP.c index 2c586e30..e9908e0a 100644 --- a/src/Cedar/Proto_PPP.c +++ b/src/Cedar/Proto_PPP.c @@ -3635,6 +3635,12 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapSize) {
p->Eap_TlsCtx.Dh = DhNewFromBits(DH_PARAM_BITS_DEFAULT);
p->Eap_TlsCtx.SslPipe = NewSslPipeEx3(true, p->Cedar->ServerX, p->Cedar->ServerK, p->Cedar->ServerChain, p->Eap_TlsCtx.Dh, true, &(p->Eap_TlsCtx.ClientCert), p->Eap_TlsCtx.Tls13SessionTicketsCount, p->Eap_TlsCtx.DisableTls13);
+ if (p->Eap_TlsCtx.SslPipe == NULL)
+ {
+ Debug("EAP-TLS: NewSslPipeEx3 failed\n");
+ PPPSetStatus(p, PPP_STATUS_FAIL);
+ return false;
+ }
}
// If the current frame is fragmented, or it is a possible last of a fragmented series, bufferize it
diff --git a/src/Cedar/Radius.c b/src/Cedar/Radius.c index 14c0821c..c17c5b42 100644 --- a/src/Cedar/Radius.c +++ b/src/Cedar/Radius.c @@ -417,6 +417,11 @@ bool StartPeapSslClient(EAP_CLIENT *e) }
e->SslPipe = NewSslPipe(false, NULL, NULL, NULL);
+ if (e->SslPipe == NULL)
+ {
+ return false;
+ }
+
send_fifo = e->SslPipe->RawOut->RecvFifo;
recv_fifo = e->SslPipe->RawIn->SendFifo;
diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c index d478bfd9..de0b053e 100644 --- a/src/Mayaqua/Network.c +++ b/src/Mayaqua/Network.c @@ -5724,6 +5724,10 @@ SSL_PIPE *NewSslPipeEx3(bool server_mode, X *x, K *k, LIST *chain, DH_CTX *dh, b SSL_PIPE *s;
SSL *ssl;
SSL_CTX *ssl_ctx = NewSSLCtx(server_mode);
+ if (ssl_ctx == NULL)
+ {
+ return NULL;
+ }
Lock(openssl_lock);
{
@@ -11727,6 +11731,10 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char }
ssl_ctx = NewSSLCtx(sock->ServerMode);
+ if (ssl_ctx == NULL)
+ {
+ return false;
+ }
Lock(openssl_lock);
{
|