author | Ofer Heifetz <oferh@marvell.com> | 2021-07-26 14:17:33 +0300 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2021-08-12 14:26:22 +0000 |
commit | 8c7f5c809fecec80cdfdcae6cab1592defddc931 (patch) | |
tree | 7f2dfba98d4e6683914c63395b86850f9c8ad7c8 /src/plugins | |
parent | b8e7a45d56be9f3e11b07b82fd899160e2af1bf1 (diff) |
tls: add start_listen openssl API return value check
Type: improvement
Check SSL_CTX_use_* API return value and exit on error.
Check BIO_new return code.
Release allocated BIO on error cases.
Change-Id: I9c48e91727e0eeba5d7d74d06fc37634e3c20978
Signed-off-by: Ofer Heifetz <oferh@marvell.com>
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/tlsopenssl/tls_openssl.c | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c index 05cd13c9970..fa223433c22 100644 --- a/src/plugins/tlsopenssl/tls_openssl.c +++ b/src/plugins/tlsopenssl/tls_openssl.c @@ -753,25 +753,47 @@ openssl_start_listen (tls_ctx_t * lctx) * Set the key and cert */ cert_bio = BIO_new (BIO_s_mem ()); + if (!cert_bio) + { + clib_warning ("unable to allocate memory"); + return -1; + } BIO_write (cert_bio, ckpair->cert, vec_len (ckpair->cert)); srvcert = PEM_read_bio_X509 (cert_bio, NULL, NULL, NULL); if (!srvcert) { clib_warning ("unable to parse certificate"); - return -1; + goto err; } - SSL_CTX_use_certificate (ssl_ctx, srvcert); + rv = SSL_CTX_use_certificate (ssl_ctx, srvcert); + if (rv != 1) + { + clib_warning ("unable to use SSL certificate"); + goto err; + } + BIO_free (cert_bio); cert_bio = BIO_new (BIO_s_mem ()); + if (!cert_bio) + { + clib_warning ("unable to allocate memory"); + return -1; + } BIO_write (cert_bio, ckpair->key, vec_len (ckpair->key)); pkey = PEM_read_bio_PrivateKey (cert_bio, NULL, NULL, NULL); if (!pkey) { clib_warning ("unable to parse pkey"); - return -1; + goto err; } - SSL_CTX_use_PrivateKey (ssl_ctx, pkey); + rv = SSL_CTX_use_PrivateKey (ssl_ctx, pkey); + if (rv != 1) + { + clib_warning ("unable to use SSL PrivateKey"); + goto err; + } + BIO_free (cert_bio); olc_index = openssl_listen_ctx_alloc (); @@ -785,6 +807,10 @@ openssl_start_listen (tls_ctx_t * lctx) return 0; +err: + if (cert_bio) + BIO_free (cert_bio); + return -1; } static int |
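Review bot: The two new `rv != 1` branches log a fixed string and leave OpenSSL's per-thread error queue as it is, so the actual cause (for instance a private key that does not match the certificate already loaded) never reaches the log. The queued entries also stay behind, and OpenSSL documents that a non-empty queue makes a later `SSL_get_error` unreliable. I would put the code in the message, `clib_warning ("unable to use SSL certificate: 0x%lx", ERR_get_error ());`, and follow it with `ERR_clear_error ();`, in both branches and in the existing `PEM_read_bio_*` failure branches. This assumes `<openssl/err.h>` is already included in the file, which the hunk does not show. `BIO_write` results are still unchecked, though a short write would most likely surface as a parse failure in the next call.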
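Review bot: The `err:` label releases only `cert_bio`, so every `goto err` taken after `PEM_read_bio_X509` or `PEM_read_bio_PrivateKey` has succeeded still leaves `srvcert`, `pkey` and the `ssl_ctx` being configured allocated. `SSL_CTX_use_certificate` and `SSL_CTX_use_PrivateKey` take their own reference, so the caller's references also need an explicit `X509_free` / `EVP_PKEY_free` on the success path, unless that happens in lines the hunks do not show. The label could free all of them, as sketched below; that needs `srvcert` and `pkey` initialised to NULL where they are declared, and the two `return -1` branches after `BIO_new` in the previous hunk changed to `goto err` so they share the cleanup. Adding `cert_bio = NULL;` after each success-path `BIO_free (cert_bio);` keeps the label safe if a later `goto err` is ever added. The function starts above both hunks, so the place where `ssl_ctx` is created is inferred from its use here.

```c
err:
  /* BIO_free, X509_free, EVP_PKEY_free and SSL_CTX_free all accept NULL. */
  BIO_free (cert_bio);
  /* The context holds its own references once SSL_CTX_use_* succeeded. */
  X509_free (srvcert);
  EVP_PKEY_free (pkey);
  /* Only if ssl_ctx is created in this function and not yet published. */
  SSL_CTX_free (ssl_ctx);
  return -1;
```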