From 1d06278bce03dbd00c9d52289a3acbcbf0c486f7 Mon Sep 17 00:00:00 2001
From: RoomWithOutRoof <roomwithoutroof@proton.me>
Date: Sun, 19 Apr 2026 14:12:20 +0800
Subject: [PATCH] crypto: add NULL check for SSL_new() result in
 SSLPointer::New

Add explicit NULL check for SSL_new() return value in SSLPointer::New(),
consistent with the pattern used by CipherCtxPointer::New().

Fixes a potential NULL pointer dereference when OpenSSL fails to allocate
an SSL structure under memory pressure (Coverity CID 15826735).

Fixes: https://github.com/nodejs/node/issues/62774
---
 deps/ncrypto/ncrypto.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/deps/ncrypto/ncrypto.cc b/deps/ncrypto/ncrypto.cc
index 07049405de6239..b7962513a78530 100644
--- a/deps/ncrypto/ncrypto.cc
+++ b/deps/ncrypto/ncrypto.cc
@@ -2828,7 +2828,9 @@ SSL* SSLPointer::release() {
 
 SSLPointer SSLPointer::New(const SSLCtxPointer& ctx) {
   if (!ctx) return {};
-  return SSLPointer(SSL_new(ctx.get()));
+  SSL* ssl = SSL_new(ctx.get());
+  if (ssl == nullptr) return {};
+  return SSLPointer(ssl);
 }
 
 void SSLPointer::getCiphers(std::function<void(const char*)> cb) const {