Skip to content

Add NULL checks for MakeUnique in SSL cipher list inheritance#3065

Merged
geedo0 merged 1 commit intoaws:mainfrom
geedo0:f41
Mar 4, 2026
Merged

Add NULL checks for MakeUnique in SSL cipher list inheritance#3065
geedo0 merged 1 commit intoaws:mainfrom
geedo0:f41

Conversation

@geedo0
Copy link
Copy Markdown
Contributor

@geedo0 geedo0 commented Mar 3, 2026

Description of changes:

Add missing NULL checks after MakeUnique() and
Init() return value checks during cipher list inheritance from SSL_CTX
to SSL in SSL_new(). Under OOM, MakeUnique returns nullptr and the
subsequent Init() call would dereference it, causing a crash.

Testing:

How is this change tested (unit tests, fuzz tests, etc.)? Are there any testing steps to be verified by the reviewer?

CI

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@geedo0
Add NULL checks for MakeUnique in SSL cipher list inheritance
199a053 
Add missing NULL checks after MakeUnique<SSLCipherPreferenceList>() and
Init() return value checks during cipher list inheritance from SSL_CTX
to SSL in SSL_new(). Under OOM, MakeUnique returns nullptr and the
subsequent Init() call would dereference it, causing a crash.
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Mar 3, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 66.66667% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.38%. Comparing base (37d8646) to head (199a053).
⚠️ Report is 63 commits behind head on main.

Files with missing lines Patch % Lines
ssl/ssl_lib.cc 66.66% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3065      +/-   ##
==========================================
+ Coverage   78.37%   78.38%   +0.01%     
==========================================
  Files         689      689              
  Lines      121078   121082       +4     
  Branches    16966    16965       -1     
==========================================
+ Hits        94889    94906      +17     
+ Misses      25294    25281      -13     
  Partials      895      895

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@geedo0 geedo0 marked this pull request as ready for review March 4, 2026 13:40
@geedo0 geedo0 requested a review from a team as a code owner March 4, 2026 13:40
@geedo0 geedo0 enabled auto-merge (squash) March 4, 2026 16:09
@geedo0 geedo0 merged commit 929ff24 into aws:main Mar 4, 2026
448 of 455 checks passed
nebeid pushed a commit to nebeid/aws-lc that referenced this pull request Mar 23, 2026
@geedo0 @nebeid
Add NULL checks for MakeUnique in SSL cipher list inheritance (aws#3065)
ab73f05 
### Description of changes: 
Add missing NULL checks after MakeUnique<SSLCipherPreferenceList>() and
Init() return value checks during cipher list inheritance from SSL_CTX
to SSL in SSL_new(). Under OOM, MakeUnique returns nullptr and the
subsequent Init() call would dereference it, causing a crash.

### Testing:
How is this change tested (unit tests, fuzz tests, etc.)? Are there any
testing steps to be verified by the reviewer?

CI

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.
@geedo0 geedo0 deleted the f41 branch March 27, 2026 19:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@manastasova manastasova manastasova approved these changes

@justsmth justsmth justsmth approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@geedo0 @codecov-commenter @manastasova @justsmth