Avoid a potential null pointer dereference by checking that we actually

managed to allocate a fragment, before trying to memcpy data into it. ok miod@
author: jsing <> 2014-04-30 13:51:58 +0000
committer: jsing <> 2014-04-30 13:51:58 +0000
commit: e057e887f1eef8891aeac46e0ea55f94393b6a9f (patch)
tree: c01f5f9db1f07d63106685be1f6db9f346311ca2 /src
parent: 51d25ffbc5935a343926814f8f292b9e1e4039ae (diff)
download: openbsd-e057e887f1eef8891aeac46e0ea55f94393b6a9f.tar.gz
openbsd-e057e887f1eef8891aeac46e0ea55f94393b6a9f.tar.bz2
openbsd-e057e887f1eef8891aeac46e0ea55f94393b6a9f.zip
2 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 7762ccdee6..db57bf9d3d 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1137,6 +1137,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
        OPENSSL_assert(s->init_off == 0);
        frag = dtls1_hm_fragment_new(s->init_num, 0);
+        if (frag == NULL)
+                return 0;
        memcpy(frag->fragment, s->init_buf->data, s->init_num);
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index 7762ccdee6..db57bf9d3d 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -1137,6 +1137,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
        OPENSSL_assert(s->init_off == 0);
        frag = dtls1_hm_fragment_new(s->init_num, 0);
+        if (frag == NULL)
+                return 0;
        memcpy(frag->fragment, s->init_buf->data, s->init_num);
author	jsing <>	2014-04-30 13:51:58 +0000
committer	jsing <>	2014-04-30 13:51:58 +0000
commit	e057e887f1eef8891aeac46e0ea55f94393b6a9f (patch)
tree	c01f5f9db1f07d63106685be1f6db9f346311ca2 /src
parent	51d25ffbc5935a343926814f8f292b9e1e4039ae (diff)
download	openbsd-e057e887f1eef8891aeac46e0ea55f94393b6a9f.tar.gz openbsd-e057e887f1eef8891aeac46e0ea55f94393b6a9f.tar.bz2 openbsd-e057e887f1eef8891aeac46e0ea55f94393b6a9f.zip