diff options
| author | Matt Caswell <matt@openssl.org> | 2016-09-29 15:38:44 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-09-29 16:17:54 +0100 |
| commit | 6b02b586c35359e338cfa151341e49aeb01590d0 (patch) | |
| tree | 473f99907f8ff21d182adfab075c72c6ed63a6cc | |
| parent | 9cb0c3a3cae638143af8bc66dd2b19f7593e3978 (diff) | |
Fix missing NULL checks in NewSessionTicket construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 83ae4661315d3d0ad52ddaa8fa5c8f1055c6c6f6)
| -rw-r--r-- | include/openssl/ssl.h | 1 | ||||
| -rw-r--r-- | ssl/ssl_err.c | 2 | ||||
| -rw-r--r-- | ssl/statem/statem_srvr.c | 6 |
3 files changed, 8 insertions, 1 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 440b9a0d74..86ab9125de 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2231,6 +2231,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358 # define SSL_F_TLS_CONSTRUCT_FINISHED 359 # define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 +# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428 # define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374 # define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375 # define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 85cb489c9d..73e0ae15c1 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -256,6 +256,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST), "tls_construct_hello_request"}, + {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET), + "tls_construct_new_session_ticket"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE), "tls_construct_server_certificate"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"}, diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index a6b8a87092..19ceda5919 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2982,7 +2982,7 @@ int tls_construct_server_certificate(SSL *s) int tls_construct_new_session_ticket(SSL *s) { unsigned char *senc = NULL; - EVP_CIPHER_CTX *ctx; + EVP_CIPHER_CTX *ctx = NULL; HMAC_CTX *hctx = NULL; unsigned char *p, *macstart; const unsigned char *const_p; @@ -3012,6 +3012,10 @@ int tls_construct_new_session_ticket(SSL *s) ctx = EVP_CIPHER_CTX_new(); hctx = HMAC_CTX_new(); + if (ctx == NULL || hctx == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + goto err; + } p = senc; if (!i2d_SSL_SESSION(s->session, &p)) |