1 files changed, 25 insertions, 24 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 4f1eb5bf0a..0dbc7b3707 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.185 2018/04/25 07:10:39 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.186 2018/08/24 20:30:21 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -853,22 +853,21 @@ SSL_get_peer_cert_chain(const SSL *s)
 * Now in theory, since the calling process own 't' it should be safe to
 * modify.  We need to be able to read f without being hassled
 */
-void
+int
 SSL_copy_session_id(SSL *t, const SSL *f)
 {
        CERT    *tmp;
-        /* Do we need to to SSL locking? */
+        /* Do we need to do SSL locking? */
-        SSL_set_session(t, SSL_get_session(f));
+        if (!SSL_set_session(t, SSL_get_session(f)))
+                return 0;
-        /*
+        /* What if we are set up for one protocol but want to talk another? */
-         * What if we are setup as SSLv2 but want to talk SSLv3 or
-         * vice-versa.
-         */
        if (t->method != f->method) {
-                t->method->internal->ssl_free(t);       /* cleanup current */
+                t->method->internal->ssl_free(t);
-                t->method = f->method;  /* change method */
+                t->method = f->method;
-                t->method->internal->ssl_new(t);        /* setup new */
+                if (!t->method->internal->ssl_new(t))
+                        return 0;
        }
        tmp = t->cert;
@@ -878,7 +877,11 @@ SSL_copy_session_id(SSL *t, const SSL *f)
        } else
                t->cert = NULL;
        ssl_cert_free(tmp);
-        SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
+        if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length))
+                return 0;
+        return 1;
 }
 /* Fix this so it checks all the valid key/cert options */
@@ -2500,15 +2503,15 @@ SSL_dup(SSL *s)
        int i;
        if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
-                return (NULL);
+                goto err;
        ret->version = s->version;
        ret->internal->type = s->internal->type;
        ret->method = s->method;
        if (s->session != NULL) {
-                /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
+                if (!SSL_copy_session_id(ret, s))
-                SSL_copy_session_id(ret, s);
+                        goto err;
        } else {
                /*
                 * No session has been established yet, so we have to expect
@@ -2528,8 +2531,9 @@ SSL_dup(SSL *s)
                                goto err;
                }
-                SSL_set_session_id_context(ret,
+                if (!SSL_set_session_id_context(ret, s->sid_ctx,
-                s->sid_ctx, s->sid_ctx_length);
+                    s->sid_ctx_length))
+                        goto err;
        }
        ret->internal->options = s->internal->options;
@@ -2612,13 +2616,10 @@ SSL_dup(SSL *s)
                }
        }
-        if (0) {
+        return ret;
-err:
+ err:
-                if (ret != NULL)
+        SSL_free(ret);
-                        SSL_free(ret);
+        return NULL;
-                ret = NULL;
-        }
-        return (ret);
 }
 void

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 4f1eb5bf0a..0dbc7b3707 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.185 2018/04/25 07:10:39 tb Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.186 2018/08/24 20:30:21 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -853,22 +853,21 @@ SSL_get_peer_cert_chain(const SSL *s)
853	* Now in theory, since the calling process own 't' it should be safe to	853	* Now in theory, since the calling process own 't' it should be safe to
854	* modify. We need to be able to read f without being hassled	854	* modify. We need to be able to read f without being hassled
855	*/	855	*/
856	void	856	int
857	SSL_copy_session_id(SSL t, const SSL f)	857	SSL_copy_session_id(SSL t, const SSL f)
858	{	858	{
859	CERT *tmp;	859	CERT *tmp;
860		860
861	/* Do we need to to SSL locking? */	861	/* Do we need to do SSL locking? */
862	SSL_set_session(t, SSL_get_session(f));	862	if (!SSL_set_session(t, SSL_get_session(f)))
		863	return 0;
863		864
864	/*	865	/* What if we are set up for one protocol but want to talk another? */
865	* What if we are setup as SSLv2 but want to talk SSLv3 or
866	* vice-versa.
867	*/
868	if (t->method != f->method) {	866	if (t->method != f->method) {
869	t->method->internal->ssl_free(t); /* cleanup current */	867	t->method->internal->ssl_free(t);
870	t->method = f->method; /* change method */	868	t->method = f->method;
871	t->method->internal->ssl_new(t); /* setup new */	869	if (!t->method->internal->ssl_new(t))
		870	return 0;
872	}	871	}
873		872
874	tmp = t->cert;	873	tmp = t->cert;
@@ -878,7 +877,11 @@ SSL_copy_session_id(SSL t, const SSL f)
878	} else	877	} else
879	t->cert = NULL;	878	t->cert = NULL;
880	ssl_cert_free(tmp);	879	ssl_cert_free(tmp);
881	SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);	880
		881	if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length))
		882	return 0;
		883
		884	return 1;
882	}	885	}
883		886
884	/* Fix this so it checks all the valid key/cert options */	887	/* Fix this so it checks all the valid key/cert options */
@@ -2500,15 +2503,15 @@ SSL_dup(SSL *s)
2500	int i;	2503	int i;
2501		2504
2502	if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)	2505	if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
2503	return (NULL);	2506	goto err;
2504		2507
2505	ret->version = s->version;	2508	ret->version = s->version;
2506	ret->internal->type = s->internal->type;	2509	ret->internal->type = s->internal->type;
2507	ret->method = s->method;	2510	ret->method = s->method;
2508		2511
2509	if (s->session != NULL) {	2512	if (s->session != NULL) {
2510	/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */	2513	if (!SSL_copy_session_id(ret, s))
2511	SSL_copy_session_id(ret, s);	2514	goto err;
2512	} else {	2515	} else {
2513	/*	2516	/*
2514	* No session has been established yet, so we have to expect	2517	* No session has been established yet, so we have to expect
@@ -2528,8 +2531,9 @@ SSL_dup(SSL *s)
2528	goto err;	2531	goto err;
2529	}	2532	}
2530		2533
2531	SSL_set_session_id_context(ret,	2534	if (!SSL_set_session_id_context(ret, s->sid_ctx,
2532	s->sid_ctx, s->sid_ctx_length);	2535	s->sid_ctx_length))
		2536	goto err;
2533	}	2537	}
2534		2538
2535	ret->internal->options = s->internal->options;	2539	ret->internal->options = s->internal->options;
@@ -2612,13 +2616,10 @@ SSL_dup(SSL *s)
2612	}	2616	}
2613	}	2617	}
2614		2618
2615	if (0) {	2619	return ret;
2616	err:	2620	err:
2617	if (ret != NULL)	2621	SSL_free(ret);
2618	SSL_free(ret);	2622	return NULL;
2619	ret = NULL;
2620	}
2621	return (ret);
2622	}	2623	}
2623		2624
2624	void	2625	void