From 83ae4661315d3d0ad52ddaa8fa5c8f1055c6c6f6 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Thu, 29 Sep 2016 15:38:44 +0100
Subject: [PATCH] Fix missing NULL checks in NewSessionTicket construction

Reviewed-by: Rich Salz
---
 include/openssl/ssl.h | 1 +
 ssl/ssl_err.c | 2 ++
 ssl/statem/statem_srvr.c | 6 +++++-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d127c76d6c..d741ece326 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2233,6 +2233,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358
 # define SSL_F_TLS_CONSTRUCT_FINISHED 359
 # define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373
+# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428
 # define SSL_F_TLS_CONSTRUCT_NEXT_PROTO 426
 # define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374
 # define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index ec550be4ba..e6c73208a4 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -259,6 +259,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST),
 "tls_construct_hello_request"},
+ {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET),
+ "tls_construct_new_session_ticket"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEXT_PROTO), "tls_construct_next_proto"},
 {ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
 "tls_construct_server_certificate"},
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b9eb6346d1..eae0e3cadc 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2947,7 +2947,7 @@ int tls_construct_server_certificate(SSL *s)
 int tls_construct_new_session_ticket(SSL *s)
 {
 unsigned char *senc = NULL;
- EVP_CIPHER_CTX *ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
 HMAC_CTX *hctx = NULL;
 unsigned char *p, *macstart;
 const unsigned char *const_p;
@@ -2977,6 +2977,10 @@ int tls_construct_new_session_ticket(SSL *s)
 ctx = EVP_CIPHER_CTX_new();
 hctx = HMAC_CTX_new();
+ if (ctx == NULL || hctx == NULL) {
+ SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
 p = senc;
 if (!i2d_SSL_SESSION(s->session, &p))
-- 
2.25.1
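Review bot: The new `goto err` in tls_construct_new_session_ticket is reached with `senc` already assigned and possibly only one of `ctx`/`hctx` non-NULL, so the fix is complete only if the cleanup at `err` releases `senc` and hands both contexts to free routines that tolerate NULL. That label lies outside this hunk and should be checked against this path. The `ctx = NULL` initializer in the earlier statem_srvr.c hunk looks intended to keep that cleanup well-defined. Once the cleanup is confirmed, I would add a comment above the check such as `/* Either allocation may have failed; err releases senc and whichever context exists */`. It is also not visible here whether `err` puts the handshake into an error state, so confirm that a 0 return from this path cannot leave the connection usable with no ticket message built.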