The function ssl_get_min_max_version() can fail

We should always check the return code. This fixes a coverity issue. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5308)
author: Matt Caswell <matt@openssl.org> 2018-02-09 18:03:08 +0000
committer: Matt Caswell <matt@openssl.org> 2018-02-12 10:06:39 +0000
commit: 1d0c08b4963f5f7e1d1855e360417a11973d8455 (patch)
tree: d7b74082b737242ebba6ebc167d7e1f1e2797621 /ssl/t1_lib.c
parent: 7e70213fe3c79461ad3d776a8de1a5beff4bea78 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 7109741a7d..3965be9d90 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1051,12 +1051,14 @@ int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid)
  *
  * Call ssl_cipher_disabled() to check that it's enabled or not.
  */
-void ssl_set_client_disabled(SSL *s)
+int ssl_set_client_disabled(SSL *s)
 {
     s->s3->tmp.mask_a = 0;
     s->s3->tmp.mask_k = 0;
     ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
-    ssl_get_min_max_version(s, &s->s3->tmp.min_ver, &s->s3->tmp.max_ver);
+    if (ssl_get_min_max_version(s, &s->s3->tmp.min_ver,
+                                &s->s3->tmp.max_ver) != 0)
+        return 0;
 #ifndef OPENSSL_NO_PSK
     /* with PSK there must be client callback set */
     if (!s->psk_client_callback) {
@@ -1070,6 +1072,7 @@ void ssl_set_client_disabled(SSL *s)
         s->s3->tmp.mask_k |= SSL_kSRP;
     }
 #endif
+    return 1;
 }
 
 /*
author	Matt Caswell <matt@openssl.org>	2018-02-09 18:03:08 +0000
committer	Matt Caswell <matt@openssl.org>	2018-02-12 10:06:39 +0000
commit	1d0c08b4963f5f7e1d1855e360417a11973d8455 (patch)
tree	d7b74082b737242ebba6ebc167d7e1f1e2797621 /ssl/t1_lib.c
parent	7e70213fe3c79461ad3d776a8de1a5beff4bea78 (diff)