[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Thu Sep 29 15:20:12 UTC 2016
The branch OpenSSL_1_1_0-stable has been updated
via 6b02b586c35359e338cfa151341e49aeb01590d0 (commit)
from 9cb0c3a3cae638143af8bc66dd2b19f7593e3978 (commit)
- Log -----------------------------------------------------------------
commit 6b02b586c35359e338cfa151341e49aeb01590d0
Author: Matt Caswell <matt at openssl.org>
Date: Thu Sep 29 15:38:44 2016 +0100
Fix missing NULL checks in NewSessionTicket construction
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit 83ae4661315d3d0ad52ddaa8fa5c8f1055c6c6f6)
-----------------------------------------------------------------------
Summary of changes:
include/openssl/ssl.h | 1 +
ssl/ssl_err.c | 2 ++
ssl/statem/statem_srvr.c | 6 +++++-
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 440b9a0..86ab912 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2231,6 +2231,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358
# define SSL_F_TLS_CONSTRUCT_FINISHED 359
# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373
+# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428
# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374
# define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375
# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 85cb489..73e0ae1 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -256,6 +256,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST),
"tls_construct_hello_request"},
+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET),
+ "tls_construct_new_session_ticket"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
"tls_construct_server_certificate"},
{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"},
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index a6b8a87..19ceda5 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2982,7 +2982,7 @@ int tls_construct_server_certificate(SSL *s)
int tls_construct_new_session_ticket(SSL *s)
{
unsigned char *senc = NULL;
- EVP_CIPHER_CTX *ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
HMAC_CTX *hctx = NULL;
unsigned char *p, *macstart;
const unsigned char *const_p;
@@ -3012,6 +3012,10 @@ int tls_construct_new_session_ticket(SSL *s)
ctx = EVP_CIPHER_CTX_new();
hctx = HMAC_CTX_new();
+ if (ctx == NULL || hctx == NULL) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
p = senc;
if (!i2d_SSL_SESSION(s->session, &p))
More information about the openssl-commits
mailing list