tls1_process_heartbeat: check for NULL after allocating buffer

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>

3 files changed, 7 insertions, 0 deletions

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 61c9890538..51b8df08d5 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2732,6 +2732,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT		 275
 #define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT		 276
 #define SSL_F_TLS1_PRF					 284
+#define SSL_F_TLS1_PROCESS_HEARTBEAT			 341
 #define SSL_F_TLS1_SETUP_KEY_BLOCK			 211
 #define SSL_F_TLS1_SET_SERVER_SIGALGS			 335
 
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 00c4bc80e9..5f8c0758bc 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -273,6 +273,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT),	"TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT),	"TLS1_PREPARE_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_TLS1_PRF),	"tls1_prf"},
+{ERR_FUNC(SSL_F_TLS1_PROCESS_HEARTBEAT),	"tls1_process_heartbeat"},
 {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK),	"tls1_setup_key_block"},
 {ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS),	"tls1_set_server_sigalgs"},
 {0,NULL}
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 891cd1fddd..4133c43ff2 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4003,6 +4003,11 @@ tls1_process_heartbeat(SSL *s)
 		 * payload, plus padding
 		 */
 		buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+		if (buffer == NULL)
+			{
+			SSLerr(SSL_F_TLS1_PROCESS_HEARTBEAT,ERR_R_MALLOC_FAILURE);
+			return -1;
+			}
 		bp = buffer;
 		
 		/* Enter response type, length and copy payload */