Check return value of ssl3_output_cert_chain

Based on commit 66f96fe2d519147097c118d4bf60704c69ed0635 by Steve Henson

Reviewed-by: Tim Hudson <tjh@openssl.org>

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 7ad13579adac0e7451aa0f544e028efbeb97fe4f..f10e1aa30eb54c29a8d36cc3ecd4311558f19ea2 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -3280,6 +3280,12 @@ int ssl3_send_client_certificate(SSL *s)
                s->state=SSL3_ST_CW_CERT_D;
                l=ssl3_output_cert_chain(s,
                        (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+               if (!l)
+                       {
+                       SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+                       ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+                       return 0;
+                       }
                s->init_num=(int)l;
                s->init_off=0;
                }

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index c67f11a7247af647b28e8e252ede570ca4c25bbe..719e6d3e737b50dd43515f443767e12f27f51ff7 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3406,6 +3406,11 @@ int ssl3_send_server_certificate(SSL *s)
                        }
 
                l=ssl3_output_cert_chain(s,x);
+               if (!l)
+                       {
+                       SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+                       return(0);
+                       }
                s->state=SSL3_ST_SW_CERT_B;
                s->init_num=(int)l;
                s->init_off=0;