diff options
author | Matt Caswell <matt@openssl.org> | 2018-02-09 18:03:08 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-02-12 10:06:39 +0000 |
commit | 1d0c08b4963f5f7e1d1855e360417a11973d8455 (patch) | |
tree | d7b74082b737242ebba6ebc167d7e1f1e2797621 /ssl/t1_lib.c | |
parent | 7e70213fe3c79461ad3d776a8de1a5beff4bea78 (diff) |
The function ssl_get_min_max_version() can fail
We should always check the return code.
This fixes a coverity issue.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5308)
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r-- | ssl/t1_lib.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 7109741a7d..3965be9d90 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1051,12 +1051,14 @@ int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid) * * Call ssl_cipher_disabled() to check that it's enabled or not. */ -void ssl_set_client_disabled(SSL *s) +int ssl_set_client_disabled(SSL *s) { s->s3->tmp.mask_a = 0; s->s3->tmp.mask_k = 0; ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); - ssl_get_min_max_version(s, &s->s3->tmp.min_ver, &s->s3->tmp.max_ver); + if (ssl_get_min_max_version(s, &s->s3->tmp.min_ver, + &s->s3->tmp.max_ver) != 0) + return 0; #ifndef OPENSSL_NO_PSK /* with PSK there must be client callback set */ if (!s->psk_client_callback) { @@ -1070,6 +1072,7 @@ void ssl_set_client_disabled(SSL *s) s->s3->tmp.mask_k |= SSL_kSRP; } #endif + return 1; } /* |