From 5071407dbedd4bba77fcb54f04a84b73d450244b Mon Sep 17 00:00:00 2001
From: jsing
Date: Wed, 30 Apr 2014 13:51:58 +0000
Subject: [PATCH] Avoid a potential null pointer dereference by checking that we actually managed to allocate a fragment, before trying to memcpy data into it. ok miod@
---
 lib/libssl/d1_both.c | 2 ++
 lib/libssl/src/ssl/d1_both.c | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c
index 7762ccdee61..db57bf9d3d5 100644
--- a/lib/libssl/d1_both.c
+++ b/lib/libssl/d1_both.c
@@ -1137,6 +1137,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 OPENSSL_assert(s->init_off == 0);
 frag = dtls1_hm_fragment_new(s->init_num, 0);
+ if (frag == NULL)
+ return 0;
 memcpy(frag->fragment, s->init_buf->data, s->init_num);
diff --git a/lib/libssl/src/ssl/d1_both.c b/lib/libssl/src/ssl/d1_both.c
index 7762ccdee61..db57bf9d3d5 100644
--- a/lib/libssl/src/ssl/d1_both.c
+++ b/lib/libssl/src/ssl/d1_both.c
@@ -1137,6 +1137,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 OPENSSL_assert(s->init_off == 0);
 frag = dtls1_hm_fragment_new(s->init_num, 0);
+ if (frag == NULL)
+ return 0;
 memcpy(frag->fragment, s->init_buf->data, s->init_num);
-- 
2.20.1
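Review bot: The added `return 0;` after `dtls1_hm_fragment_new()` in `dtls1_buffer_message` only protects the handshake if every caller checks the result, and the call sites are outside this hunk. If any caller discards the return value, an allocation failure would presumably leave this flight out of the retransmission buffer without anything noticing, so it is worth auditing the callers. The early return also records nothing about why it failed, so I would add a comment above the check such as `/* Allocation failed: message is NOT buffered for retransmit; callers must treat 0 as fatal. */` and consider reporting the failure through the library's error queue. The same applies to the identical hunk in lib/libssl/src/ssl/d1_both.c. The function body starts and ends outside the hunk, so whether anything acquired earlier needs releasing on this path cannot be judged from here.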