From: Dr. Stephen Henson Date: Wed, 2 Sep 2009 13:20:32 +0000 (+0000) Subject: PR: 2009 X-Git-Tag: OpenSSL-fips-2_0-rc1~1553 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=3d9b105fe042b4986467ec12d881fa8a33ecd9ec;p=oweals%2Fopenssl.git PR: 2009 Submitted by: "Alexei Khlebnikov" Approved by: steve@openssl.org Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although the ticket mentions buffer overruns this isn't a security issue because the SSL_SESSION structure is generated internally and it should never be possible to supply its contents from an untrusted application (this would among other things destroy session cache security). --- diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 1804f3658b..93311eadf6 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -413,8 +413,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, } else { - SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION); - return(NULL); + c.error=SSL_R_UNKNOWN_SSL_VERSION; + goto err; } ret->cipher=NULL; @@ -505,8 +505,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, { if (os.length > SSL_MAX_SID_CTX_LENGTH) { - ret->sid_ctx_length=os.length; - SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH); + c.error=SSL_R_BAD_LENGTH; + goto err; } else {