[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Wed Nov 23 23:11:25 UTC 2016


The branch master has been updated
       via  884a790e17a22eed42f1fe41ccaebd8c1fe18902 (commit)
       via  b599ce3b64b695cc7430f731a33e0f5bb83ae62c (commit)
      from  7acb8b64c32617788959aee2733ac14fd7b97e5f (commit)


- Log -----------------------------------------------------------------
commit 884a790e17a22eed42f1fe41ccaebd8c1fe18902
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Nov 23 22:12:56 2016 +0000

    Fix missing NULL checks in key_share processing
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit b599ce3b64b695cc7430f731a33e0f5bb83ae62c
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Nov 23 22:12:40 2016 +0000

    Fix missing NULL checks in CKE processing
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_clnt.c | 7 +++++++
 ssl/t1_lib.c             | 9 +++++++++
 2 files changed, 16 insertions(+)

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index ba873ee..287d8ab 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -2459,6 +2459,9 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt, int *al)
         goto err;
 
     ckey = ssl_generate_pkey(skey);
+    if (ckey == NULL)
+        goto err;
+
     dh_clnt = EVP_PKEY_get0_DH(ckey);
 
     if (dh_clnt == NULL || ssl_derive(s, ckey, skey, 0) == 0)
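Review bot: The new `ckey == NULL` check in tls_construct_cke_dhe jumps to `err` without recording an error, whereas the matching check added to tls_construct_cke_ecdhe in this same commit calls SSLerr first. The neighbouring `dh_clnt == NULL` test uses the same bare `goto err`, so the label presumably raises the error and sets the alert, but the label lies outside the hunk and cannot be confirmed here. If it does not, add `SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR);` before the jump. If it does, a short comment such as `/* the err label reports the failure */` would explain the difference from the ECDHE path.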
@@ -2496,6 +2499,10 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt, int *al)
     }
 
     ckey = ssl_generate_pkey(skey);
+    if (ckey == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
     if (ssl_derive(s, ckey, skey, 0) == 0) {
         SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EVP_LIB);
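Review bot: `ERR_R_MALLOC_FAILURE` on the new `ckey == NULL` branch may misreport the cause. ssl_generate_pkey is defined outside this diff, and a key-generation helper can typically return NULL for reasons other than allocation failure, for example unusable peer parameters. A wrong reason code sends whoever triages a failed handshake looking for memory pressure instead of a bad key or group. Unless allocation is the only failure mode, consider `SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR);` here; the same applies to the checks added in both ssl/t1_lib.c hunks. The function body continues outside the hunk.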
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 3e592be..ce728b0 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1538,6 +1538,10 @@ static int add_client_key_share_ext(SSL *s, WPACKET *pkt, int *al)
     }
 
     skey = ssl_generate_pkey(ckey);
+    if (skey == NULL) {
+        SSLerr(SSL_F_ADD_CLIENT_KEY_SHARE_EXT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
 
     /* Generate encoding of server key */
     encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint);
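Review bot: The new `skey == NULL` branch returns 0 without writing `*al`, although the function receives `int *al` and the equivalent check added to ssl_scan_serverhello_tlsext sets `*al = SSL_AD_INTERNAL_ERROR;` before returning. Unless the caller pre-sets the alert, which is not visible in this hunk, add that assignment so the alert sent on this path is well defined. Separately, the hunk header and the `SSL_F_ADD_CLIENT_KEY_SHARE_EXT` function code name a client function, while the context comment reads "Generate encoding of server key". Confirm that the function code matches the enclosing function, which starts outside the hunk.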
@@ -2778,6 +2782,11 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al)
             }
 
             skey = ssl_generate_pkey(ckey);
+            if (skey == NULL) {
+                *al = SSL_AD_INTERNAL_ERROR;
+                SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
             if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt),
                                                 PACKET_remaining(&encoded_pt))) {
                 *al = SSL_AD_DECODE_ERROR;

