[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Mon Jul 2 13:54:54 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via 1e8cb18d499604c1766bfcec23a358888eaf6551 (commit)
from e35e5941e0b2f7af1cd56f07ee8d4eaf2b445132 (commit)
- Log -----------------------------------------------------------------
commit 1e8cb18d499604c1766bfcec23a358888eaf6551
Author: Matt Caswell <matt at openssl.org>
Date: Tue Jun 26 15:40:54 2018 +0100
Fix a NULL ptr deref in error path in tls_process_cke_dhe()
Fixes #6574
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6594)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_srvr.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 5591e1e..10301f1 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2324,13 +2324,12 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int *al)
SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_BN_LIB);
goto err;
}
+
cdh = EVP_PKEY_get0_DH(ckey);
pub_key = BN_bin2bn(data, i, NULL);
-
- if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
+ if (pub_key == NULL || cdh == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR);
- if (pub_key != NULL)
- BN_free(pub_key);
+ BN_free(pub_key);
goto err;
}
More information about the openssl-commits
mailing list