From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 28 Jul 2015 15:04:53 +0000 (+0100)
Subject: Free and cleanse pms on error
X-Git-Tag: OpenSSL_1_1_0-pre1~876
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a784665e52735f77a64d01216d7535834278c27c;p=oweals%2Fopenssl.git

Free and cleanse pms on error

Reviewed-by: Matt Caswell <matt@openssl.org>
---

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 2954b58c03..0fc08819ca 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4966,8 +4966,10 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
 
         pskpmslen = 4 + pmslen + psklen;
         pskpms = OPENSSL_malloc(pskpmslen);
-        if (pskpms == NULL)
-            return 0;
+        if (pskpms == NULL) {
+            s->session->master_key_length = 0;
+            goto err;
+        }
         t = pskpms;
         s2n(pmslen, t);
         if (alg_k & SSL_kPSK)
@@ -4991,6 +4993,8 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
             s->method->ssl3_enc->generate_master_secret(s,
                                                         s->session->master_key,
                                                         pms, pmslen);
+
+    err:
     if (pms) {
         if (free_pms)
             OPENSSL_clear_free(pms, pmslen);