From 443c8e18de801b974f57c59ce90c80b3a391ee06 Mon Sep 17 00:00:00 2001
From: Ayala Beker <ayala.beker@intel.com>
Date: Mon, 25 Jan 2016 12:28:46 +0200
Subject: [PATCH] OpenSSL: Fix possible null pointer dereference on an OCSP
 error path

Fix possible null pointer dereference in check_ocsp_resp() if an memory
allocation fails.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
---
 src/crypto/tls_openssl_ocsp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/crypto/tls_openssl_ocsp.c b/src/crypto/tls_openssl_ocsp.c
index 37c87f409..4e1c6b94b 100644
--- a/src/crypto/tls_openssl_ocsp.c
+++ b/src/crypto/tls_openssl_ocsp.c
@@ -562,6 +562,8 @@ enum ocsp_result check_ocsp_resp(SSL_CTX *ssl_ctx, SSL *ssl, X509 *cert,
 
 	if (basic->certs) {
 		untrusted = sk_X509_dup(basic->certs);
+		if (!untrusted)
+			goto fail;
 
 		num = sk_X509_num(basic->certs);
 		for (i = 0; i < num; i++) {