[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Mon Jul 2 13:47:49 UTC 2018


The branch master has been updated
       via  b6ff436fcb597663ffcfe6d724d207cf120e7250 (commit)
      from  5281bb2252be6575ebb7a8b683e6bd160476fa2a (commit)


- Log -----------------------------------------------------------------
commit b6ff436fcb597663ffcfe6d724d207cf120e7250
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Jun 26 15:40:54 2018 +0100

    Fix a NULL ptr deref in error path in tls_process_cke_dhe()
    
    Fixes #6574
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6593)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_srvr.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 9c44be0..26cd850 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3129,14 +3129,13 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
                  SSL_R_BN_LIB);
         goto err;
     }
+
     cdh = EVP_PKEY_get0_DH(ckey);
     pub_key = BN_bin2bn(data, i, NULL);
-
-    if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
+    if (pub_key == NULL || cdh == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
                  ERR_R_INTERNAL_ERROR);
-        if (pub_key != NULL)
-            BN_free(pub_key);
+        BN_free(pub_key);
         goto err;
     }
 


More information about the openssl-commits mailing list