The branch master has been updated via 884a790e17a22eed42f1fe41ccaebd8c1fe18902 (commit) via b599ce3b64b695cc7430f731a33e0f5bb83ae62c (commit) from 7acb8b64c32617788959aee2733ac14fd7b97e5f (commit)
- Log ----------------------------------------------------------------- commit 884a790e17a22eed42f1fe41ccaebd8c1fe18902 Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 23 22:12:56 2016 +0000 Fix missing NULL checks in key_share processing Reviewed-by: Rich Salz <rs...@openssl.org> commit b599ce3b64b695cc7430f731a33e0f5bb83ae62c Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 23 22:12:40 2016 +0000 Fix missing NULL checks in CKE processing Reviewed-by: Rich Salz <rs...@openssl.org> ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_clnt.c | 7 +++++++ ssl/t1_lib.c | 9 +++++++++ 2 files changed, 16 insertions(+) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index ba873ee..287d8ab 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2459,6 +2459,9 @@ static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt, int *al) goto err; ckey = ssl_generate_pkey(skey); + if (ckey == NULL) + goto err; + dh_clnt = EVP_PKEY_get0_DH(ckey); if (dh_clnt == NULL || ssl_derive(s, ckey, skey, 0) == 0) @@ -2496,6 +2499,10 @@ static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt, int *al) } ckey = ssl_generate_pkey(skey); + if (ckey == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_MALLOC_FAILURE); + goto err; + } if (ssl_derive(s, ckey, skey, 0) == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EVP_LIB); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 3e592be..ce728b0 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1538,6 +1538,10 @@ static int add_client_key_share_ext(SSL *s, WPACKET *pkt, int *al) } skey = ssl_generate_pkey(ckey); + if (skey == NULL) { + SSLerr(SSL_F_ADD_CLIENT_KEY_SHARE_EXT, ERR_R_MALLOC_FAILURE); + return 0; + } /* Generate encoding of server key */ encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint); @@ -2778,6 +2782,11 @@ static int ssl_scan_serverhello_tlsext(SSL *s, PACKET *pkt, int *al) } skey = ssl_generate_pkey(ckey); + if (skey == NULL) { + *al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); + return 0; + } if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt), PACKET_remaining(&encoded_pt))) { *al = SSL_AD_DECODE_ERROR; _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits