From 6b02b586c35359e338cfa151341e49aeb01590d0 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 29 Sep 2016 15:38:44 +0100
Subject: [PATCH] Fix missing NULL checks in NewSessionTicket construction
Reviewed-by: Rich Salz
(cherry picked from commit 83ae4661315d3d0ad52ddaa8fa5c8f1055c6c6f6)
---
 include/openssl/ssl.h | 1 +
 ssl/ssl_err.c | 2 ++
 ssl/statem/statem_srvr.c | 6 +++++-
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 440b9a0d74..86ab9125de 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2231,6 +2231,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358
 # define SSL_F_TLS_CONSTRUCT_FINISHED 359
 # define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373
+# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428
 # define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374
 # define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375
 # define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 85cb489c9d..73e0ae15c1 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -256,6 +256,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST),
 "tls_construct_hello_request"},
+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET),
+ "tls_construct_new_session_ticket"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
 "tls_construct_server_certificate"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"},
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index a6b8a87092..19ceda5919 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2982,7 +2982,7 @@ int tls_construct_server_certificate(SSL *s)
 int tls_construct_new_session_ticket(SSL *s)
 {
 unsigned char *senc = NULL;
- EVP_CIPHER_CTX *ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
 HMAC_CTX *hctx = NULL;
 unsigned char *p, *macstart;
 const unsigned char *const_p;
@@ -3012,6 +3012,10 @@ int tls_construct_new_session_ticket(SSL *s)
 
 ctx = EVP_CIPHER_CTX_new();
 hctx = HMAC_CTX_new();
+ if (ctx == NULL || hctx == NULL) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
 
 p = senc;
 if (!i2d_SSL_SESSION(s->session, &p))
-- 
2.25.1
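Review bot: The new `goto err` is taken while one of `ctx`/`hctx` may already be allocated and `senc` is already in use, so the check is only leak-free if the `err:` label releases all three. That label, like the rest of tls_construct_new_session_ticket, lies outside this hunk, so the cleanup should be confirmed there; it matters because this path runs exactly when the server is short of memory. The `ctx = NULL` initialiser added in the earlier statem_srvr.c hunk appears to exist for the same reason, keeping a cleanup at `err:` well defined for any jump taken before the allocation. If the label does free all three, a comment above the check would record the dependency for the next reader: `/* On failure err: frees ctx, hctx and senc; the free routines accept NULL. */`.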