If we're going to return errors (no matter how stupid), then we should

test for them!
author: Ben Laurie <ben@openssl.org> 2008-12-29 16:11:58 +0000
committer: Ben Laurie <ben@openssl.org> 2008-12-29 16:11:58 +0000
commit: 0eab41fb78cf4d7c76e563fd677ab6c32fc28bb0 (patch)
tree: da848c7424ced86fc60823f4948b0fc79e52a381 /ssl/t1_lib.c
parent: 8aa02e97a782a4229936d5df6da42db3efe4acd1 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e6ba33d85b..c1d4173b5e 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1532,6 +1532,11 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
  	 * integrity checks on ticket.
  	 */
 	mlen = HMAC_size(&hctx);
+	if (mlen < 0)
+		{
+		EVP_CIPHER_CTX_cleanup(&ctx);
+		return -1;
+		}
 	eticklen -= mlen;
 	/* Check HMAC of encrypted ticket */
 	HMAC_Update(&hctx, etick, eticklen);
author	Ben Laurie <ben@openssl.org>	2008-12-29 16:11:58 +0000
committer	Ben Laurie <ben@openssl.org>	2008-12-29 16:11:58 +0000
commit	0eab41fb78cf4d7c76e563fd677ab6c32fc28bb0 (patch)
tree	da848c7424ced86fc60823f4948b0fc79e52a381 /ssl/t1_lib.c
parent	8aa02e97a782a4229936d5df6da42db3efe4acd1 (diff)