Handle malloc failures in BIO_accept

The old BIO_accept() function can encounter errors during malloc. We need
to ensure we properly clean up if that occurs.

GH Issue #817

Reviewed-by: Richard Levitte <levitte@openssl.org>

1 files changed, 14 insertions, 4 deletions

diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
index 071acda48e..dc14a1b587 100644
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -311,10 +311,20 @@ int BIO_accept(int sock, char **ip_port)
     if (ip_port != NULL) {
         char *host = BIO_ADDR_hostname_string(&res, 1);
         char *port = BIO_ADDR_service_string(&res, 1);
-        *ip_port = OPENSSL_zalloc(strlen(host) + strlen(port) + 2);
-        strcpy(*ip_port, host);
-        strcat(*ip_port, ":");
-        strcat(*ip_port, port);
+        if (host != NULL && port != NULL)
+            *ip_port = OPENSSL_zalloc(strlen(host) + strlen(port) + 2);
+        else
+            *ip_port = NULL;
+
+        if (*ip_port == NULL) {
+            BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
+            BIO_closesocket(ret);
+            ret = (int)INVALID_SOCKET;
+        } else {
+            strcpy(*ip_port, host);
+            strcat(*ip_port, ":");
+            strcat(*ip_port, port);
+        }
         OPENSSL_free(host);
         OPENSSL_free(port);
     }