ssl3_init_finished_mac() calls BIO_new() which can fail since it in turn

calls malloc(). Instead of silently continuing on failure, check the return
value of BIO_new() and propagate failure back to the caller for appropriate
handling.

ok bcook@

1 files changed, 5 insertions, 2 deletions

diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c
index 9530ecdbaa..a7686c3f40 100644
--- a/src/lib/libssl/s23_srvr.c
+++ b/src/lib/libssl/s23_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s23_srvr.c,v 1.36 2014/11/16 14:12:47 jsing Exp $ */
+/* $OpenBSD: s23_srvr.c,v 1.37 2014/12/10 15:43:31 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -219,7 +219,10 @@ ssl23_accept(SSL *s)
                                 s->init_buf = buf;
                         }
 
-                        ssl3_init_finished_mac(s);
+                        if (!ssl3_init_finished_mac(s)) {
+                                ret = -1;
+                                goto end;
+                        }
 
                         s->state = SSL23_ST_SR_CLNT_HELLO_A;
                         s->ctx->stats.sess_accept++;