Avoid a potential null pointer dereference by checking that we actually

managed to allocate a fragment, before trying to memcpy data into it. ok miod@
author: jsing <> 2014-04-30 13:51:58 +0000
committer: jsing <> 2014-04-30 13:51:58 +0000
commit: aeece982185e5f1eb42ffba9239f1c8bfb662d81 (patch)
tree: c01f5f9db1f07d63106685be1f6db9f346311ca2 /src
parent: b8e088b53dabff9eeb33721c6fa4e60831bf9797 (diff)
download: openbsd-aeece982185e5f1eb42ffba9239f1c8bfb662d81.tar.gz
openbsd-aeece982185e5f1eb42ffba9239f1c8bfb662d81.tar.bz2
openbsd-aeece982185e5f1eb42ffba9239f1c8bfb662d81.zip
2 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 7762ccdee6..db57bf9d3d 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1137,6 +1137,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
        OPENSSL_assert(s->init_off == 0);
        frag = dtls1_hm_fragment_new(s->init_num, 0);
+        if (frag == NULL)
+                return 0;
        memcpy(frag->fragment, s->init_buf->data, s->init_num);
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index 7762ccdee6..db57bf9d3d 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -1137,6 +1137,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
        OPENSSL_assert(s->init_off == 0);
        frag = dtls1_hm_fragment_new(s->init_num, 0);
+        if (frag == NULL)
+                return 0;
        memcpy(frag->fragment, s->init_buf->data, s->init_num);
author	jsing <>	2014-04-30 13:51:58 +0000
committer	jsing <>	2014-04-30 13:51:58 +0000
commit	aeece982185e5f1eb42ffba9239f1c8bfb662d81 (patch)
tree	c01f5f9db1f07d63106685be1f6db9f346311ca2 /src
parent	b8e088b53dabff9eeb33721c6fa4e60831bf9797 (diff)
download	openbsd-aeece982185e5f1eb42ffba9239f1c8bfb662d81.tar.gz openbsd-aeece982185e5f1eb42ffba9239f1c8bfb662d81.tar.bz2 openbsd-aeece982185e5f1eb42ffba9239f1c8bfb662d81.zip