diff options
author | Jonas Maebe <jonas.maebe@elis.ugent.be> | 2014-12-07 17:38:51 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2014-12-10 18:35:18 +0100 |
commit | c27dc3981cd676cdd6dba00b06d6146545fc63fc (patch) | |
tree | 6b5c27b7be5abc2ea1ef77bd43a1cda1e7ca05e3 /ssl | |
parent | fed5b5525204a6892c936173d9336c479fa83941 (diff) | |
download | openssl-c27dc3981cd676cdd6dba00b06d6146545fc63fc.tar.gz |
tls1_process_heartbeat: check for NULL after allocating buffer
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl.h | 1 | ||||
-rw-r--r-- | ssl/ssl_err.c | 1 | ||||
-rw-r--r-- | ssl/t1_lib.c | 5 |
3 files changed, 7 insertions, 0 deletions
@@ -2732,6 +2732,7 @@ void ERR_load_SSL_strings(void); #define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 #define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 #define SSL_F_TLS1_PRF 284 +#define SSL_F_TLS1_PROCESS_HEARTBEAT 341 #define SSL_F_TLS1_SETUP_KEY_BLOCK 211 #define SSL_F_TLS1_SET_SERVER_SIGALGS 335 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 00c4bc80e9..5f8c0758bc 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -273,6 +273,7 @@ static ERR_STRING_DATA SSL_str_functs[]= {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"}, {ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"}, +{ERR_FUNC(SSL_F_TLS1_PROCESS_HEARTBEAT), "tls1_process_heartbeat"}, {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "tls1_setup_key_block"}, {ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS), "tls1_set_server_sigalgs"}, {0,NULL} diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 891cd1fddd..4133c43ff2 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -4003,6 +4003,11 @@ tls1_process_heartbeat(SSL *s) * payload, plus padding */ buffer = OPENSSL_malloc(1 + 2 + payload + padding); + if (buffer == NULL) + { + SSLerr(SSL_F_TLS1_PROCESS_HEARTBEAT,ERR_R_MALLOC_FAILURE); + return -1; + } bp = buffer; /* Enter response type, length and copy payload */ |