[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Fri Apr 29 08:19:29 UTC 2016


The branch master has been updated
       via  6f137370dd52c11ecfd73a2dd7a07a52b8435891 (commit)
      from  b8f1c116a357285ccb4905cd88c83f5076bafb52 (commit)


- Log -----------------------------------------------------------------
commit 6f137370dd52c11ecfd73a2dd7a07a52b8435891
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Apr 28 15:12:37 2016 +0100

    Client side CKE processing can double free on error
    
    tls_client_key_exchange_post_work() frees the pms on error. It also
    calls ssl_generate_master_secret(), which also frees the pms. If an error
    occurs after ssl_generate_master_secret() has been called then a double
    free can occur.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_clnt.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index a63d4d0..4ede88e 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2547,6 +2547,9 @@ int tls_client_key_exchange_post_work(SSL *s)
     unsigned char *pms = NULL;
     size_t pmslen = 0;
 
+    pms = s->s3->tmp.pms;
+    pmslen = s->s3->tmp.pmslen;
+
 #ifndef OPENSSL_NO_SRP
     /* Check for SRP */
     if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
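Review bot: The hoisted load of `pms`/`pmslen` above the SRP branch has no comment saying why it must come first. Presumably the point is that an SRP failure jumping to the error label then hands the real pointer to the cleanup the commit message describes, rather than NULL; the label and the SRP body are outside this hunk, so that is inferred. A short comment such as `/* Load pms before any goto err so the cleanup path sees it */` would stop a later refactor from moving the assignment back below the `#endif`.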
@@ -2558,8 +2561,6 @@ int tls_client_key_exchange_post_work(SSL *s)
         return 1;
     }
 #endif
-    pms = s->s3->tmp.pms;
-    pmslen = s->s3->tmp.pmslen;
 
     if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
         ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
@@ -2569,8 +2570,13 @@ int tls_client_key_exchange_post_work(SSL *s)
     if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {
         ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
         SSLerr(SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_INTERNAL_ERROR);
+        /* ssl_generate_master_secret frees the pms even on error */
+        pms = NULL;
+        pmslen = 0;
         goto err;
     }
+    pms = NULL;
+    pmslen = 0;
 
 #ifndef OPENSSL_NO_SCTP
     if (SSL_IS_DTLS(s)) {
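Review bot: The new resets clear only the local `pms`; `s->s3->tmp.pms` is not touched in this hunk, so on the success path it would still hold the freed address unless ssl_generate_master_secret() or code outside the hunk clears it. If nothing else does, add `s->s3->tmp.pms = NULL;` and `s->s3->tmp.pmslen = 0;` next to the success-path `pms = NULL;` so no stale pointer outlives the call. The success-path reset also lacks the comment its error-branch twin has; `/* pms has been consumed by ssl_generate_master_secret */` would document the ownership transfer. The function continues past the hunk, so the err label's handling is not visible here.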

