Zhongxing Xu wrote:
openssl-1.0.0-stable-SNAP-20091026/ssl/t1_lib.c:657case TLSEXT_NAMETYPE_host_name: if (s->session->tlsext_hostname == NULL) { if (len > TLSEXT_MAXLEN_host_name || ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)) { *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; } memcpy(s->session->tlsext_hostname, sdata, len); s->session->tlsext_hostname might be NULL. memcpy() cannot take NULL as dest pointer.
The malloc above is tested? Did I overlook something?
-Zhongxing Xu ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
