From 6fda11ae5a06e28fd9463e5afb60735d074904b3 Mon Sep 17 00:00:00 2001 From: dyrock Date: Mon, 15 Apr 2019 11:01:58 -0500 Subject: Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE. Reviewed-by: Paul Yang Reviewed-by: Ben Kaduk Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8756) --- doc/man3/SSL_CTX_set_client_hello_cb.pod | 2 ++ ssl/ssl_lib.c | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/doc/man3/SSL_CTX_set_client_hello_cb.pod b/doc/man3/SSL_CTX_set_client_hello_cb.pod index b8dad37ada..74e168dc93 100644 --- a/doc/man3/SSL_CTX_set_client_hello_cb.pod +++ b/doc/man3/SSL_CTX_set_client_hello_cb.pod @@ -65,6 +65,8 @@ both required, and on success the caller must release the storage allocated for B<*out> using OPENSSL_free(). The contents of B<*out> is an array of integers holding the numerical value of the TLS extension types in the order they appear in the ClientHello. B<*outlen> contains the number of elements in the array. +In situations when the ClientHello has no extensions, the function will return +success with B<*out> set to NULL and B<*outlen> set to 0. =head1 NOTES diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f63e16b592..221653e73c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -5140,6 +5140,11 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) if (ext->present) num++; } + if (num == 0) { + *out = NULL; + *outlen = 0; + return 1; + } if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) { SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, ERR_R_MALLOC_FAILURE); -- cgit v1.2.3