PR: 2009

Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com> Approved by: steve@openssl.org Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although the ticket mentions buffer overruns this isn't a security issue because the SSL_SESSION structure is generated internally and it should never be possible to supply its contents from an untrusted application (this would among other things destroy session cache security).
author: Dr. Stephen Henson <steve@openssl.org> 2009-09-02 13:20:22 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-09-02 13:20:22 +0000
commit: 54ed003ace95df93c51f49fc0d6d446d957da97e (patch)
tree: 94c41d75640a91d6d60419448d2c27d81752d084 /ssl/ssl_asn1.c
parent: f18e10253d1a700a6cf9c713d6719be4b2751088 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 1804f3658b..93311eadf6 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -413,8 +413,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 		}
 	else
 		{
-		SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
-		return(NULL);
+		c.error=SSL_R_UNKNOWN_SSL_VERSION;
+		goto err;
 		}
 	
 	ret->cipher=NULL;
@@ -505,8 +505,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 	    {
 	    if (os.length > SSL_MAX_SID_CTX_LENGTH)
 		{
-		ret->sid_ctx_length=os.length;
-		SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
+		c.error=SSL_R_BAD_LENGTH;
+		goto err;
 		}
 	    else
 		{
author	Dr. Stephen Henson <steve@openssl.org>	2009-09-02 13:20:22 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-09-02 13:20:22 +0000
commit	54ed003ace95df93c51f49fc0d6d446d957da97e (patch)
tree	94c41d75640a91d6d60419448d2c27d81752d084 /ssl/ssl_asn1.c
parent	f18e10253d1a700a6cf9c713d6719be4b2751088 (diff)