artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2a013ae)
Avoid a potential null pointer dereference by checking that we actually
authorjsing <jsing@openbsd.org>
Wed, 30 Apr 2014 13:51:58 +0000 (13:51 +0000)
committerjsing <jsing@openbsd.org>
Wed, 30 Apr 2014 13:51:58 +0000 (13:51 +0000)
managed to allocate a fragment, before trying to memcpy data into it.

ok miod@

lib/libssl/d1_both.c patch | blob | history
lib/libssl/src/ssl/d1_both.c patch | blob | history

diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c
index 7762ccd..db57bf9 100644 (file)
--- a/lib/libssl/d1_both.c
+++ b/lib/libssl/d1_both.c
@@ -1137,6 +1137,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
        OPENSSL_assert(s->init_off == 0);
 
        frag = dtls1_hm_fragment_new(s->init_num, 0);
+       if (frag == NULL)
+               return 0;
 
        memcpy(frag->fragment, s->init_buf->data, s->init_num);
 
diff --git a/lib/libssl/src/ssl/d1_both.c b/lib/libssl/src/ssl/d1_both.c
index 7762ccd..db57bf9 100644 (file)
--- a/lib/libssl/src/ssl/d1_both.c
+++ b/lib/libssl/src/ssl/d1_both.c
@@ -1137,6 +1137,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
        OPENSSL_assert(s->init_off == 0);
 
        frag = dtls1_hm_fragment_new(s->init_num, 0);
+       if (frag == NULL)
+               return 0;
 
        memcpy(frag->fragment, s->init_buf->data, s->init_num);
 
OpenBSD src
by Ahmet Artu Yildirim