Merge pull request #1887 from chipitsine/master

additional error handling if SSL_CTX_new failed

src/Cedar/Proto_OpenVPN.c

@@ -824,6 +824,10 @@ void OvsProcessRecvControlPacket(OPENVPN_SERVER *s, OPENVPN_SESSION *se, OPENVPN
 				}
 
 				c->SslPipe = NewSslPipeEx(true, s->Cedar->ServerX, s->Cedar->ServerK, s->Dh, true, &c->ClientCert);
+				if (c->SslPipe == NULL)
+				{
+					return;
+				}
 			}
 			Unlock(s->Cedar->lock);
 

src/Cedar/Proto_PPP.c

@@ -3635,6 +3635,12 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapSize)
 		{
 			p->Eap_TlsCtx.Dh = DhNewFromBits(DH_PARAM_BITS_DEFAULT);
 			p->Eap_TlsCtx.SslPipe = NewSslPipeEx3(true, p->Cedar->ServerX, p->Cedar->ServerK, p->Cedar->ServerChain, p->Eap_TlsCtx.Dh, true, &(p->Eap_TlsCtx.ClientCert), p->Eap_TlsCtx.Tls13SessionTicketsCount, p->Eap_TlsCtx.DisableTls13);
+			if (p->Eap_TlsCtx.SslPipe == NULL)
+			{
+				Debug("EAP-TLS: NewSslPipeEx3 failed\n");
+				PPPSetStatus(p, PPP_STATUS_FAIL);
+				return false;
+			}
 		}
 
 		// If the current frame is fragmented, or it is a possible last of a fragmented series, bufferize it

src/Cedar/Radius.c

@@ -417,6 +417,11 @@ bool StartPeapSslClient(EAP_CLIENT *e)
 	}
 
 	e->SslPipe = NewSslPipe(false, NULL, NULL, NULL);
+	if (e->SslPipe == NULL)
+	{
+		return false;
+	}
+
 	send_fifo = e->SslPipe->RawOut->RecvFifo;
 	recv_fifo = e->SslPipe->RawIn->SendFifo;
 

src/Mayaqua/Network.c

@@ -5724,6 +5724,10 @@ SSL_PIPE *NewSslPipeEx3(bool server_mode, X *x, K *k, LIST *chain, DH_CTX *dh, b
 	SSL_PIPE *s;
 	SSL *ssl;
 	SSL_CTX *ssl_ctx = NewSSLCtx(server_mode);
+	if (ssl_ctx == NULL)
+	{
+		return NULL;
+	}
 
 	Lock(openssl_lock);
 	{
@@ -11727,6 +11731,10 @@ bool StartSSLEx3(SOCK *sock, X *x, K *priv, LIST *chain, UINT ssl_timeout, char
 	}
 
 	ssl_ctx = NewSSLCtx(sock->ServerMode);
+	if (ssl_ctx == NULL)
+	{
+		return false;
+	}
 
 	Lock(openssl_lock);
 	{