The branch OpenSSL_1_1_0-stable has been updated via efbe126e3ebb9123ac9d058aa2bb044261342aaa (commit) from 793d9b79033c2fffc8e781dab2fd678661b348cd (commit)
- Log ----------------------------------------------------------------- commit efbe126e3ebb9123ac9d058aa2bb044261342aaa Author: Matt Caswell <m...@openssl.org> Date: Wed Nov 23 22:12:40 2016 +0000 Fix missing NULL checks in CKE processing Reviewed-by: Rich Salz <rs...@openssl.org> ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_clnt.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index e90a63c..5ea0919 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2258,6 +2258,11 @@ static int tls_construct_cke_dhe(SSL *s, unsigned char **p, int *len, int *al) return 0; } ckey = ssl_generate_pkey(skey); + if (ckey == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_CKE_DHE, ERR_R_INTERNAL_ERROR); + return 0; + } + dh_clnt = EVP_PKEY_get0_DH(ckey); if (dh_clnt == NULL || ssl_derive(s, ckey, skey) == 0) { @@ -2296,6 +2301,10 @@ static int tls_construct_cke_ecdhe(SSL *s, unsigned char **p, int *len, int *al) } ckey = ssl_generate_pkey(skey); + if (ckey == NULL) { + SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_INTERNAL_ERROR); + goto err; + } if (ssl_derive(s, ckey, skey) == 0) { SSLerr(SSL_F_TLS_CONSTRUCT_CKE_ECDHE, ERR_R_EVP_LIB); _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits