[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Thu Sep 29 15:20:00 UTC 2016


The branch master has been updated
       via  83ae4661315d3d0ad52ddaa8fa5c8f1055c6c6f6 (commit)
      from  e4e1aa903e624044d3319622fc50222f1b2c7328 (commit)


- Log -----------------------------------------------------------------
commit 83ae4661315d3d0ad52ddaa8fa5c8f1055c6c6f6
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Sep 29 15:38:44 2016 +0100

    Fix missing NULL checks in NewSessionTicket construction
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 include/openssl/ssl.h    | 1 +
 ssl/ssl_err.c            | 2 ++
 ssl/statem/statem_srvr.c | 6 +++++-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d127c76..d741ece 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2233,6 +2233,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY                358
 # define SSL_F_TLS_CONSTRUCT_FINISHED                     359
 # define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST                373
+# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET           428
 # define SSL_F_TLS_CONSTRUCT_NEXT_PROTO                   426
 # define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE           374
 # define SSL_F_TLS_CONSTRUCT_SERVER_DONE                  375
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index ec550be..e6c7320 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -259,6 +259,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
     {ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"},
     {ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST),
      "tls_construct_hello_request"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET),
+     "tls_construct_new_session_ticket"},
     {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEXT_PROTO), "tls_construct_next_proto"},
     {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
      "tls_construct_server_certificate"},
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b9eb634..eae0e3c 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2947,7 +2947,7 @@ int tls_construct_server_certificate(SSL *s)
 int tls_construct_new_session_ticket(SSL *s)
 {
     unsigned char *senc = NULL;
-    EVP_CIPHER_CTX *ctx;
+    EVP_CIPHER_CTX *ctx = NULL;
     HMAC_CTX *hctx = NULL;
     unsigned char *p, *macstart;
     const unsigned char *const_p;
@@ -2977,6 +2977,10 @@ int tls_construct_new_session_ticket(SSL *s)
 
     ctx = EVP_CIPHER_CTX_new();
     hctx = HMAC_CTX_new();
+    if (ctx == NULL || hctx == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
     p = senc;
     if (!i2d_SSL_SESSION(s->session, &p))


More information about the openssl-commits mailing list