fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_ci...

author Bernd Edlinger <bernd.edlinger@hotmail.de>

Sun, 1 Jan 2017 00:43:20 +0000 (01:43 +0100)

committer Richard Levitte <levitte@openssl.org>

Mon, 23 Jan 2017 10:44:32 +0000 (11:44 +0100)
author Bernd Edlinger <bernd.edlinger@hotmail.de>
Sun, 1 Jan 2017 00:43:20 +0000 (01:43 +0100)
committer Richard Levitte <levitte@openssl.org>
Mon, 23 Jan 2017 10:44:32 +0000 (11:44 +0100)
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c

index 56bd34a3d11fe5e3a329ccf7f63300bd8c478686..093e527da1480db557df2fc85e7bc77d26dc1427 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -61,10 +61,10 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
      EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
      for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
          k++;
-        if (k > sizeof buf) {
+        if (k > sizeof(buf)) {
              /* bug: 'buf' is too small for this ciphersuite */
              SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
-            return 0;
+            goto err;
          }
  
          for (j = 0; j < k; j++)
@@ -225,7 +225,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
  
      memcpy(mac_secret, ms, i);
  
-    EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));
+    if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)))
+        goto err2;
  
  #ifdef OPENSSL_SSL_TRACE_CRYPTO
      if (s->msg_callback) {
author	Bernd Edlinger <bernd.edlinger@hotmail.de>
	Sun, 1 Jan 2017 00:43:20 +0000 (01:43 +0100)
committer	Richard Levitte <levitte@openssl.org>
	Mon, 23 Jan 2017 10:44:32 +0000 (11:44 +0100)