Commit 3161f460fa for openssl.org

commit 3161f460fa7eacc7a93f8edf413c78b4dcf65823
Author: AntonMoryakov <ant.v.moryakov@gmail.com>
Date:   Fri May 16 17:19:21 2025 +0300

    apps: lib: Prevent potential NULL dereference in init_client()

    apps: lib: Simplify ba_ret handling in init_client()

    Simplify logic around ba_ret assignment:
    - Fail early if ba_ret == NULL
    - Assign directly otherwise, without checking *ba_ret

    This avoids extra nesting and matches OpenSSL's conventions.

    CLA: trivial
    Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
    Co-authored-by: Tomas Mraz <tomas@openssl.org>

    Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
    Reviewed-by: Paul Dale <ppzgs1@gmail.com>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/26783)

diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c
index f61b1b5c82..b2a1e3e51a 100644
--- a/apps/lib/s_socket.c
+++ b/apps/lib/s_socket.c
@@ -173,8 +173,16 @@ int init_client(int *sock, const char *host, const char *port,
         }

         /* Save the address */
-        if (tfo || !doconn)
+        if (tfo || !doconn) {
+            if (ba_ret == NULL) {
+                BIO_printf(bio_err, "Internal error\n");
+                BIO_closesocket(*sock);
+                *sock = INVALID_SOCKET;
+                goto out;
+            }
+
             *ba_ret = BIO_ADDR_dup(BIO_ADDRINFO_address(ai));
+        }

         /* Success, don't try any more addresses */
         break;