From: Bernd Edlinger Date: Fri, 10 Mar 2017 14:10:41 +0000 (+0100) Subject: Avoid questionable use of the value of a pointer X-Git-Tag: OpenSSL_1_1_1-pre1~2073 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d3bc98058599a5feffbe68d4e5f2ca43a698d95b;p=oweals%2Fopenssl.git Avoid questionable use of the value of a pointer that refers to space deallocated by a call to the free function in tls_decrypt_ticket. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2897) (cherry picked from commit 13ed1afa923f4ffb553e389de08f26e9ce84e8a2) --- diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 22a368defe..83e493eb7c 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1311,10 +1311,11 @@ TICKET_RETURN tls_decrypt_ticket(SSL *s, const unsigned char *etick, p = sdec; sess = d2i_SSL_SESSION(NULL, &p, slen); + slen -= p - sdec; OPENSSL_free(sdec); if (sess) { /* Some additional consistency checks */ - if (p != sdec + slen || sess->session_id_length != 0) { + if (slen != 0 || sess->session_id_length != 0) { SSL_SESSION_free(sess); return TICKET_NO_DECRYPT; }