diff options
| author | jsing <> | 2014-12-10 15:43:31 +0000 |
|---|---|---|
| committer | jsing <> | 2014-12-10 15:43:31 +0000 |
| commit | 47eb97a22f4397f7e4d7b37419d4c88e805cf71b (patch) | |
| tree | 626ac5debee47cd4bf6f23ff35253234be5bbe4d /src/lib/libssl/d1_srvr.c | |
| parent | 1434a91c4d4dc782915ce81dd056fa8f6cb77ae1 (diff) | |
| download | openbsd-47eb97a22f4397f7e4d7b37419d4c88e805cf71b.tar.gz openbsd-47eb97a22f4397f7e4d7b37419d4c88e805cf71b.tar.bz2 openbsd-47eb97a22f4397f7e4d7b37419d4c88e805cf71b.zip | |
ssl3_init_finished_mac() calls BIO_new() which can fail since it in turn
calls malloc(). Instead of silently continuing on failure, check the return
value of BIO_new() and propagate failure back to the caller for appropriate
handling.
ok bcook@
Diffstat (limited to 'src/lib/libssl/d1_srvr.c')
| -rw-r--r-- | src/lib/libssl/d1_srvr.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index e1959fb7e1..ee0e62336f 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: d1_srvr.c,v 1.42 2014/11/16 14:12:47 jsing Exp $ */ | 1 | /* $OpenBSD: d1_srvr.c,v 1.43 2014/12/10 15:43:31 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * DTLS implementation written by Nagendra Modadugu | 3 | * DTLS implementation written by Nagendra Modadugu |
| 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. | 4 | * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. |
| @@ -272,7 +272,11 @@ dtls1_accept(SSL *s) | |||
| 272 | goto end; | 272 | goto end; |
| 273 | } | 273 | } |
| 274 | 274 | ||
| 275 | ssl3_init_finished_mac(s); | 275 | if (!ssl3_init_finished_mac(s)) { |
| 276 | ret = -1; | ||
| 277 | goto end; | ||
| 278 | } | ||
| 279 | |||
| 276 | s->state = SSL3_ST_SR_CLNT_HELLO_A; | 280 | s->state = SSL3_ST_SR_CLNT_HELLO_A; |
| 277 | s->ctx->stats.sess_accept++; | 281 | s->ctx->stats.sess_accept++; |
| 278 | } else { | 282 | } else { |
| @@ -297,7 +301,10 @@ dtls1_accept(SSL *s) | |||
| 297 | s->state = SSL3_ST_SW_FLUSH; | 301 | s->state = SSL3_ST_SW_FLUSH; |
| 298 | s->init_num = 0; | 302 | s->init_num = 0; |
| 299 | 303 | ||
| 300 | ssl3_init_finished_mac(s); | 304 | if (!ssl3_init_finished_mac(s)) { |
| 305 | ret = -1; | ||
| 306 | goto end; | ||
| 307 | } | ||
| 301 | break; | 308 | break; |
| 302 | 309 | ||
| 303 | case SSL3_ST_SW_HELLO_REQ_C: | 310 | case SSL3_ST_SW_HELLO_REQ_C: |
| @@ -351,8 +358,12 @@ dtls1_accept(SSL *s) | |||
| 351 | s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; | 358 | s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A; |
| 352 | 359 | ||
| 353 | /* HelloVerifyRequest resets Finished MAC */ | 360 | /* HelloVerifyRequest resets Finished MAC */ |
| 354 | if (s->version != DTLS1_BAD_VER) | 361 | if (s->version != DTLS1_BAD_VER) { |
| 355 | ssl3_init_finished_mac(s); | 362 | if (!ssl3_init_finished_mac(s)) { |
| 363 | ret = -1; | ||
| 364 | goto end; | ||
| 365 | } | ||
| 366 | } | ||
| 356 | break; | 367 | break; |
| 357 | 368 | ||
| 358 | #ifndef OPENSSL_NO_SCTP | 369 | #ifndef OPENSSL_NO_SCTP |