authorjsing <>2014-06-05 16:08:11 +0000
committerjsing <>2014-06-05 16:08:11 +0000
commit709e767ee1bae902c542e5d14cba5920b5b85177 (patch)
tree79e0fbefcde08dad4706f7b69afa20a750537019 /src/lib
parent5a5a7de256385ee0fc587b8576ed7c35eb9ad584 (diff)
ssl_sess_cert_new() can return NULL. Fix two cases where the return value
is unchecked, which would result in a later null pointer dereference. While here, RSA_free, DH_free and EC_KEY_free all have implicit NULL checks, so avoid repeating them here. ok beck@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/s3_clnt.c25
-rw-r--r--src/lib/libssl/src/ssl/s3_clnt.c25
2 files changed, 24 insertions, 26 deletions
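--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1136,7 +1136,6 @@ ssl3_get_server_certificate(SSL *s)
 sc = ssl_sess_cert_new();
 if (sc == NULL)
 goto err;
-
 if (s->session->sess_cert)
 ssl_sess_cert_free(s->session->sess_cert);
 s->session->sess_cert = sc;
@@ -1252,6 +1251,8 @@ ssl3_get_key_exchange(SSL *s)
 */
 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) {
 s->session->sess_cert = ssl_sess_cert_new();
+if (s->session->sess_cert == NULL)
+goto err;
 free(s->ctx->psk_identity_hint);
 s->ctx->psk_identity_hint = NULL;
 }
@@ -1262,20 +1263,18 @@ ssl3_get_key_exchange(SSL *s)
 
 param = p = (unsigned char *)s->init_msg;
 if (s->session->sess_cert != NULL) {
-if (s->session->sess_cert->peer_rsa_tmp != NULL) {
-RSA_free(s->session->sess_cert->peer_rsa_tmp);
-s->session->sess_cert->peer_rsa_tmp = NULL;
-}
-if (s->session->sess_cert->peer_dh_tmp) {
-DH_free(s->session->sess_cert->peer_dh_tmp);
-s->session->sess_cert->peer_dh_tmp = NULL;
-}
-if (s->session->sess_cert->peer_ecdh_tmp) {
-EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
-s->session->sess_cert->peer_ecdh_tmp = NULL;
-}
+RSA_free(s->session->sess_cert->peer_rsa_tmp);
+s->session->sess_cert->peer_rsa_tmp = NULL;
+
+DH_free(s->session->sess_cert->peer_dh_tmp);
+s->session->sess_cert->peer_dh_tmp = NULL;
+
+EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
+s->session->sess_cert->peer_ecdh_tmp = NULL;
 } else {
 s->session->sess_cert = ssl_sess_cert_new();
+if (s->session->sess_cert == NULL)
+goto err;
 }
 
 param_len = 0;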
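Review bot: In the SSL_kPSK branch of ssl3_get_key_exchange (second hunk) the result of ssl_sess_cert_new() is stored straight into `s->session->sess_cert`, so any pointer already held there is dropped without being freed; ssl3_get_server_certificate in the first hunk shows the safer shape, allocating into a local `sc`, checking it, freeing the old value and only then assigning. Whether this branch can run with a non-NULL sess_cert (for instance on a renegotiation) is not visible from the hunk, but if it can, each such handshake leaks one SESS_CERT; adding `if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);` before the assignment would close that. Both new `goto err` exits also leave without recording a reason, and the `err` label is outside the hunks; unless it does so itself, put `SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);` before each jump so an allocation failure is distinguishable from a protocol error. The same points apply to the identical section for src/lib/libssl/src/ssl/s3_clnt.c.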
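--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1136,7 +1136,6 @@ ssl3_get_server_certificate(SSL *s)
 sc = ssl_sess_cert_new();
 if (sc == NULL)
 goto err;
-
 if (s->session->sess_cert)
 ssl_sess_cert_free(s->session->sess_cert);
 s->session->sess_cert = sc;
@@ -1252,6 +1251,8 @@ ssl3_get_key_exchange(SSL *s)
 */
 if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) {
 s->session->sess_cert = ssl_sess_cert_new();
+if (s->session->sess_cert == NULL)
+goto err;
 free(s->ctx->psk_identity_hint);
 s->ctx->psk_identity_hint = NULL;
 }
@@ -1262,20 +1263,18 @@ ssl3_get_key_exchange(SSL *s)
 
 param = p = (unsigned char *)s->init_msg;
 if (s->session->sess_cert != NULL) {
-if (s->session->sess_cert->peer_rsa_tmp != NULL) {
-RSA_free(s->session->sess_cert->peer_rsa_tmp);
-s->session->sess_cert->peer_rsa_tmp = NULL;
-}
-if (s->session->sess_cert->peer_dh_tmp) {
-DH_free(s->session->sess_cert->peer_dh_tmp);
-s->session->sess_cert->peer_dh_tmp = NULL;
-}
-if (s->session->sess_cert->peer_ecdh_tmp) {
-EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
-s->session->sess_cert->peer_ecdh_tmp = NULL;
-}
+RSA_free(s->session->sess_cert->peer_rsa_tmp);
+s->session->sess_cert->peer_rsa_tmp = NULL;
+
+DH_free(s->session->sess_cert->peer_dh_tmp);
+s->session->sess_cert->peer_dh_tmp = NULL;
+
+EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
+s->session->sess_cert->peer_ecdh_tmp = NULL;
 } else {
 s->session->sess_cert = ssl_sess_cert_new();
+if (s->session->sess_cert == NULL)
+goto err;
 }
 
 param_len = 0;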