From: Bernd Edlinger Date: Sun, 1 Jan 2017 00:43:20 +0000 (+0100) Subject: fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_ci... X-Git-Tag: OpenSSL_1_1_0d~32 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7bd011d70e85b2fff2928e30adf6965d34af9f04;p=oweals%2Fopenssl.git fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_cipher_state Reviewed-by: Kurt Roeckx Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2164) (cherry picked from commit a6fd7c1dbef2c3da3c87f1582ae48e4c29aa303c) --- diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 56bd34a3d1..093e527da1 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -61,10 +61,10 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { k++; - if (k > sizeof buf) { + if (k > sizeof(buf)) { /* bug: 'buf' is too small for this ciphersuite */ SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); - return 0; + goto err; } for (j = 0; j < k; j++) @@ -225,7 +225,8 @@ int ssl3_change_cipher_state(SSL *s, int which) memcpy(mac_secret, ms, i); - EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)); + if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) + goto err2; #ifdef OPENSSL_SSL_TRACE_CRYPTO if (s->msg_callback) {