From: tb Date: Tue, 30 Aug 2022 20:40:14 +0000 (+0000) Subject: Check HMAC() return value to avoid a later use of uninitialized X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=5aef4460fc594cd93923be87e837ae6d78e61eaf;p=openbsd Check HMAC() return value to avoid a later use of uninitialized CID 25421 --- diff --git a/usr.bin/openssl/s_cb.c b/usr.bin/openssl/s_cb.c index 12a6c308fb3..ffaa4c5b4de 100644 --- a/usr.bin/openssl/s_cb.c +++ b/usr.bin/openssl/s_cb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_cb.c,v 1.18 2022/02/03 18:40:34 tb Exp $ */ +/* $OpenBSD: s_cb.c,v 1.19 2022/08/30 20:40:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -914,8 +914,12 @@ verify_cookie_callback(SSL * ssl, const unsigned char *cookie, } /* Calculate HMAC of buffer using the secret */ - HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, - buffer, length, result, &resultlength); + if (HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH, + buffer, length, result, &resultlength) == NULL) { + free(buffer); + return 0; + } + free(buffer); if (cookie_len == resultlength &&