Fix missing NULL checks in NewSessionTicket construction
authorMatt Caswell <matt@openssl.org>
Thu, 29 Sep 2016 14:38:44 +0000 (15:38 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 29 Sep 2016 15:17:54 +0000 (16:17 +0100)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 83ae4661315d3d0ad52ddaa8fa5c8f1055c6c6f6)

include/openssl/ssl.h
ssl/ssl_err.c
ssl/statem/statem_srvr.c

index 440b9a0d74bf7b55294418eabb455207e4733379..86ab9125de8c5d70168fb948ee27f021403ad6b7 100644 (file)
@@ -2231,6 +2231,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY                358
 # define SSL_F_TLS_CONSTRUCT_FINISHED                     359
 # define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST                373
+# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET           428
 # define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE           374
 # define SSL_F_TLS_CONSTRUCT_SERVER_DONE                  375
 # define SSL_F_TLS_CONSTRUCT_SERVER_HELLO                 376
index 85cb489c9d36a1e01f6c60853338787d8ea1397a..73e0ae15c1a6c7198185e304277c451c4940da3d 100644 (file)
@@ -256,6 +256,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
     {ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"},
     {ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST),
      "tls_construct_hello_request"},
+    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET),
+     "tls_construct_new_session_ticket"},
     {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
      "tls_construct_server_certificate"},
     {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"},
index a6b8a87092718e9d32ed3f26cd33957a1a299ec1..19ceda5919fceb8388e6638b1fef37ab0c93082a 100644 (file)
@@ -2982,7 +2982,7 @@ int tls_construct_server_certificate(SSL *s)
 int tls_construct_new_session_ticket(SSL *s)
 {
     unsigned char *senc = NULL;
-    EVP_CIPHER_CTX *ctx;
+    EVP_CIPHER_CTX *ctx = NULL;
     HMAC_CTX *hctx = NULL;
     unsigned char *p, *macstart;
     const unsigned char *const_p;
@@ -3012,6 +3012,10 @@ int tls_construct_new_session_ticket(SSL *s)
 
     ctx = EVP_CIPHER_CTX_new();
     hctx = HMAC_CTX_new();
+    if (ctx == NULL || hctx == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
     p = senc;
     if (!i2d_SSL_SESSION(s->session, &p))
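Review bot: The new `ctx == NULL || hctx == NULL` guard also jumps to `err` when only one of the two allocations failed, so it is leak-free only if the cleanup at `err` releases both contexts and tolerates NULL; that label lies outside this hunk and cannot be confirmed from here. Presumably it calls `EVP_CIPHER_CTX_free(ctx)` and `HMAC_CTX_free(hctx)`, which would also explain why the earlier hunk initialises `ctx` to NULL for any `goto err` taken before `EVP_CIPHER_CTX_new()`. A one-line comment above the check would make that dependency explicit, e.g. `/* err: frees ctx and hctx; either may still be NULL here */`. Since the unguarded path would hand a NULL context to later code in a server-side handshake function when memory is short, an allocation-failure test covering this branch is worth adding alongside the fix.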