changeset: 6615:00c0c155d992
user: Kevin McCarthy <[email protected]>
date: Sun Apr 10 19:10:17 2016 -0700
link: http://dev.mutt.org/hg/mutt/rev/00c0c155d992
Check for SSL_CTX_new returning NULL in ssl_sock_open(). (closes #3831)
Thanks to Yuan Kang and the security researchers at Columbia
University and the University of Virginia for reporting the bug.
diffs (16 lines):
diff -r 5464329344cd -r 00c0c155d992 mutt_ssl.c
--- a/mutt_ssl.c Sun Apr 10 18:30:21 2016 -0700
+++ b/mutt_ssl.c Sun Apr 10 19:10:17 2016 -0700
@@ -334,7 +334,11 @@
data = (sslsockdata *) safe_calloc (1, sizeof (sslsockdata));
conn->sockdata = data;
- data->ctx = SSL_CTX_new (SSLv23_client_method ());
+ if (! (data->ctx = SSL_CTX_new (SSLv23_client_method ())))
+ {
+ mutt_socket_close (conn);
+ return -1;
+ }
/* disable SSL protocols as needed */
if (!option(OPTTLSV1))
