src: improve error handling in CloneSSLCerts

If sk_X509_new() returns NULL or if sk_X509_push() fails, return instead of silently ignoring the error. PR-URL: https://github.com/nodejs/node/pull/44410 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Filip Skokan <panva.ip@gmail.com>
author: Tobias Nießen <tniessen@tnie.de> 2022-09-01 15:59:43 +0300
committer: RafaelGSS <rafael.nunu@hotmail.com> 2022-09-07 15:20:52 +0300
commit: 125ab7da2aa00c37a379f0156c1ed78a79481021 (patch)
tree: 2d14a22f0246c395b7a68ca4240cf9aa38226920 /src
parent: aa34f7347b8b23f8715a42da7cdc1d83099352f7 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc
index e47044be506..3bf480f8f0c 100644
--- a/src/crypto/crypto_common.cc
+++ b/src/crypto/crypto_common.cc
@@ -323,8 +323,9 @@ constexpr auto GetCipherVersion = GetCipherValue<SSL_CIPHER_get_version>;
 StackOfX509 CloneSSLCerts(X509Pointer&& cert,
                           const STACK_OF(X509)* const ssl_certs) {
   StackOfX509 peer_certs(sk_X509_new(nullptr));
-  if (cert)
-    sk_X509_push(peer_certs.get(), cert.release());
+  if (!peer_certs) return StackOfX509();
+  if (cert && !sk_X509_push(peer_certs.get(), cert.release()))
+    return StackOfX509();
   for (int i = 0; i < sk_X509_num(ssl_certs); i++) {
     X509Pointer cert(X509_dup(sk_X509_value(ssl_certs, i)));
     if (!cert || !sk_X509_push(peer_certs.get(), cert.get()))
author	Tobias Nießen <tniessen@tnie.de>	2022-09-01 15:59:43 +0300
committer	RafaelGSS <rafael.nunu@hotmail.com>	2022-09-07 15:20:52 +0300
commit	125ab7da2aa00c37a379f0156c1ed78a79481021 (patch)
tree	2d14a22f0246c395b7a68ca4240cf9aa38226920 /src
parent	aa34f7347b8b23f8715a42da7cdc1d83099352f7 (diff)