diff options
author | Matt Caswell <matt@openssl.org> | 2016-09-29 15:38:44 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-09-29 16:15:16 +0100 |
commit | 83ae4661315d3d0ad52ddaa8fa5c8f1055c6c6f6 (patch) | |
tree | 5ba3ab2f2c4429f3fcc8cf9eb942c8b50d0a6370 /ssl | |
parent | e4e1aa903e624044d3319622fc50222f1b2c7328 (diff) | |
download | openssl-83ae4661315d3d0ad52ddaa8fa5c8f1055c6c6f6.tar.gz |
Fix missing NULL checks in NewSessionTicket construction
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_err.c | 2 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 6 |
2 files changed, 7 insertions, 1 deletions
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index ec550be4ba..e6c73208a4 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -259,6 +259,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST), "tls_construct_hello_request"}, + {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET), + "tls_construct_new_session_ticket"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEXT_PROTO), "tls_construct_next_proto"}, {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE), "tls_construct_server_certificate"}, diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index b9eb6346d1..eae0e3cadc 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2947,7 +2947,7 @@ int tls_construct_server_certificate(SSL *s) int tls_construct_new_session_ticket(SSL *s) { unsigned char *senc = NULL; - EVP_CIPHER_CTX *ctx; + EVP_CIPHER_CTX *ctx = NULL; HMAC_CTX *hctx = NULL; unsigned char *p, *macstart; const unsigned char *const_p; @@ -2977,6 +2977,10 @@ int tls_construct_new_session_ticket(SSL *s) ctx = EVP_CIPHER_CTX_new(); hctx = HMAC_CTX_new(); + if (ctx == NULL || hctx == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + goto err; + } p = senc; if (!i2d_SSL_SESSION(s->session, &p)) |