Add a missing error check for sk_X509_push Change-Id: I4cf8af50d7355b447d3d7f9f92259febfc844b79 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65127 Reviewed-by: Bob Beck <bbe@google.com> Commit-Queue: David Benjamin <davidben@google.com>

commit: 970df5e4563fd0cd0f2ae8cdb910225979363bab [log] [tgz]
author: David Benjamin <davidben@google.com> Fri Dec 22 13:24:07 2023 -0500
committer: Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Tue Jan 09 19:21:24 2024 +0000
tree: 4056f0a9322e8bebdf220d81228cda9ed2435398
parent: 8ab77eefc83ea4d879fd0afe162b0be080d5de06 [diff]
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index f64cfeb..4f6c4ad 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c

@@ -400,7 +400,10 @@
       }
       ctx->current_cert = x;
     } else {
-      sk_X509_push(ctx->chain, chain_ss);
+      if (!sk_X509_push(ctx->chain, chain_ss)) {
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        goto end;
+      }
       num++;
       ctx->last_untrusted = num;
       ctx->current_cert = chain_ss;
commit	970df5e4563fd0cd0f2ae8cdb910225979363bab	[log] [tgz]
author	David Benjamin <davidben@google.com>	Fri Dec 22 13:24:07 2023 -0500
committer	Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>	Tue Jan 09 19:21:24 2024 +0000
tree	4056f0a9322e8bebdf220d81228cda9ed2435398
parent	8ab77eefc83ea4d879fd0afe162b0be080d5de06 [diff]