From: jsing <jsing@openbsd.org>
Date: Wed, 30 Apr 2014 13:51:58 +0000 (+0000)
Subject: Avoid a potential null pointer dereference by checking that we actually
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=5071407dbedd4bba77fcb54f04a84b73d450244b;p=openbsd

Avoid a potential null pointer dereference by checking that we actually
managed to allocate a fragment, before trying to memcpy data into it.

ok miod@
---

diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c
index 7762ccdee61..db57bf9d3d5 100644
--- a/lib/libssl/d1_both.c
+++ b/lib/libssl/d1_both.c
@@ -1137,6 +1137,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 	OPENSSL_assert(s->init_off == 0);
 
 	frag = dtls1_hm_fragment_new(s->init_num, 0);
+	if (frag == NULL)
+		return 0;
 
 	memcpy(frag->fragment, s->init_buf->data, s->init_num);
 
diff --git a/lib/libssl/src/ssl/d1_both.c b/lib/libssl/src/ssl/d1_both.c
index 7762ccdee61..db57bf9d3d5 100644
--- a/lib/libssl/src/ssl/d1_both.c
+++ b/lib/libssl/src/ssl/d1_both.c
@@ -1137,6 +1137,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 	OPENSSL_assert(s->init_off == 0);
 
 	frag = dtls1_hm_fragment_new(s->init_num, 0);
+	if (frag == NULL)
+		return 0;
 
 	memcpy(frag->fragment, s->init_buf->data, s->init_num);