crypto: add NULL check for SSL_new() result in SSLPointer::New

RoomWithOutRoof · RoomWithOutRoof · commit 1d06278bce03 · 2026-04-19T14:12:20.000+08:00
Add explicit NULL check for SSL_new() return value in SSLPointer::New(), consistent with the pattern used by CipherCtxPointer::New(). Fixes a potential NULL pointer dereference when OpenSSL fails to allocate an SSL structure under memory pressure (Coverity CID 15826735). Fixes: #62774
diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
@@ -2828,7 +2828,9 @@ SSL* SSLPointer::release() {
 
 SSLPointer SSLPointer::New(const SSLCtxPointer& ctx) {
   if (!ctx) return {};
-  return SSLPointer(SSL_new(ctx.get()));
+  SSL* ssl = SSL_new(ctx.get());
+  if (ssl == nullptr) return {};
+  return SSLPointer(ssl);
 }
 
 void SSLPointer::getCiphers(std::function<void(const char*)> cb) const {

Original file line number	Diff line number	Diff line change
`@@ -2828,7 +2828,9 @@ SSL* SSLPointer::release() {`
`2828`	`2828`
`2829`	`2829`	`SSLPointer SSLPointer::New(const SSLCtxPointer& ctx) {`
`2830`	`2830`	`if (!ctx) return {};`
`2831`		`- return SSLPointer(SSL_new(ctx.get()));`
	`2831`	`+ SSL* ssl = SSL_new(ctx.get());`
	`2832`	`+ if (ssl == nullptr) return {};`
	`2833`	`+ return SSLPointer(ssl);`
`2832`	`2834`	`}`
`2833`	`2835`
`2834`	`2836`	`void SSLPointer::getCiphers(std::function<void(const char*)> cb) const {`