Hello
In version openssl-1.0.h
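If OPENSSL_malloc fails, the returned pointer is not checked for NULL before it is written through, so an allocation failure leads to a NULL pointer dereference here: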
In ssl/d1_both.c
int
dtls1_process_heartbeat(SSL *s)
{
.....
/* Allocate memory for the response, size is 1 byte
* message type, plus 2 bytes payload length, plus
* payload, plus padding
*/
buffer = OPENSSL_malloc(write_length);
bp = buffer;
/* Enter response type, length and copy payload */
*bp++ = TLS1_HB_RESPONSE;
The allocation result is not checked here either, also in ssl/d1_both.c:
int
dtls1_heartbeat(SSL *s)
{
.......
buf = OPENSSL_malloc(1 + 2 + payload + padding);
p = buf;
/* Message Type */
*p++ = TLS1_HB_REQUEST;
Nor is it checked here, in ssl/s3_enc.c, where the unchecked pointer is passed straight to memset:
int ssl3_digest_cached_records(SSL *s)
{
....
/* Allocate handshake_dgst array */
ssl3_free_digest_list(s);
s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST *
sizeof(EVP_MD_CTX *));
memset(s->s3->handshake_dgst,0,SSL_MAX_DIGEST *sizeof(EVP_MD_CTX *));
Nor is it checked here, in ssl/ssl_ciph.c, where the unchecked pointer is dereferenced on the next line:
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
.....
comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
comp->id=id;
Nor is it checked here, in ssl/ssl_sess.c, where the unchecked pointer is used as the memcpy destination:
int SSL_set_session(SSL *s, SSL_SESSION *session)
{
....
s->kssl_ctx->client_princ = (char
*)OPENSSL_malloc(session->krb5_client_princ_len + 1);
memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
session->krb5_client_princ_len);
Nor is it checked here, in ssl/t1_lib.c:
int
tls1_process_heartbeat(SSL *s)
.....
buffer = OPENSSL_malloc(1 + 2 + payload + padding);
bp = buffer;
/* Enter response type, length and copy payload */
*bp++ = TLS1_HB_RESPONSE;
Nor is it checked here, also in ssl/t1_lib.c:
int
tls1_heartbeat(SSL *s)
.....
buf = OPENSSL_malloc(1 + 2 + payload + padding);
p = buf;
/* Message Type */
*p++ = TLS1_HB_REQUEST;
Is the missing check perhaps intentional?
Bye
Didier CRUETTE