Diffstat (limited to 'src/lib/libssl/t1_lib.c')
-rw-r--r--src/lib/libssl/t1_lib.c50
1 files changed, 18 insertions, 32 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index c45708bf78..205c2558fb 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -163,9 +163,7 @@ void
163tls1_free(SSL *s) 163tls1_free(SSL *s)
164{ 164{
165#ifndef OPENSSL_NO_TLSEXT 165#ifndef OPENSSL_NO_TLSEXT
166 if (s->tlsext_session_ticket) { 166 free(s->tlsext_session_ticket);
167 free(s->tlsext_session_ticket);
168 }
169#endif /* OPENSSL_NO_TLSEXT */ 167#endif /* OPENSSL_NO_TLSEXT */
170 ssl3_free(s); 168 ssl3_free(s);
171} 169}
@@ -1082,10 +1080,7 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1082 return 0; 1080 return 0;
1083 } 1081 }
1084 if (!s->hit) { 1082 if (!s->hit) {
1085 if (s->session->tlsext_ecpointformatlist) { 1083 free(s->session->tlsext_ecpointformatlist);
1086 free(s->session->tlsext_ecpointformatlist);
1087 s->session->tlsext_ecpointformatlist = NULL;
1088 }
1089 s->session->tlsext_ecpointformatlist_length = 0; 1084 s->session->tlsext_ecpointformatlist_length = 0;
1090 if ((s->session->tlsext_ecpointformatlist = 1085 if ((s->session->tlsext_ecpointformatlist =
1091 malloc(ecpointformatlist_length)) == NULL) { 1086 malloc(ecpointformatlist_length)) == NULL) {
@@ -1151,8 +1146,8 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1151 return 0; 1146 return 0;
1152 } 1147 }
1153 1148
1154 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ 1149 free(s->s3->client_opaque_prf_input);
1155 free(s->s3->client_opaque_prf_input); 1150
1156 if (s->s3->client_opaque_prf_input_len == 0) 1151 if (s->s3->client_opaque_prf_input_len == 0)
1157 s->s3->client_opaque_prf_input = NULL; 1152 s->s3->client_opaque_prf_input = NULL;
1158 else { 1153 else {
@@ -1413,8 +1408,8 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1413 return 0; 1408 return 0;
1414 } 1409 }
1415 s->session->tlsext_ecpointformatlist_length = 0; 1410 s->session->tlsext_ecpointformatlist_length = 0;
1416 if (s->session->tlsext_ecpointformatlist != NULL) 1411
1417 free(s->session->tlsext_ecpointformatlist); 1412 free(s->session->tlsext_ecpointformatlist);
1418 if ((s->session->tlsext_ecpointformatlist = 1413 if ((s->session->tlsext_ecpointformatlist =
1419 malloc(ecpointformatlist_length)) == NULL) { 1414 malloc(ecpointformatlist_length)) == NULL) {
1420 *al = TLS1_AD_INTERNAL_ERROR; 1415 *al = TLS1_AD_INTERNAL_ERROR;
@@ -1458,14 +1453,13 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
1458 return 0; 1453 return 0;
1459 } 1454 }
1460 1455
1461 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ 1456 free(s->s3->server_opaque_prf_input);
1462 free(s->s3->server_opaque_prf_input); 1457 s->s3->server_opaque_prf_input = NULL;
1463 if (s->s3->server_opaque_prf_input_len == 0) 1458
1464 s->s3->server_opaque_prf_input = NULL; 1459 if (s->s3->server_opaque_prf_input_len != 0)
1465 else {
1466 s->s3->server_opaque_prf_input = 1460 s->s3->server_opaque_prf_input =
1467 BUF_memdup(sdata, 1461 BUF_memdup(sdata,
1468 s->s3->server_opaque_prf_input_len); 1462 s->s3->server_opaque_prf_input_len);
1469 if (s->s3->server_opaque_prf_input == NULL) { 1463 if (s->s3->server_opaque_prf_input == NULL) {
1470 *al = TLS1_AD_INTERNAL_ERROR; 1464 *al = TLS1_AD_INTERNAL_ERROR;
1471 return 0; 1465 return 0;
@@ -1600,8 +1594,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1600 } 1594 }
1601 using_ecc = using_ecc && (s->version >= TLS1_VERSION); 1595 using_ecc = using_ecc && (s->version >= TLS1_VERSION);
1602 if (using_ecc) { 1596 if (using_ecc) {
1603 if (s->tlsext_ecpointformatlist != NULL) 1597 free(s->tlsext_ecpointformatlist);
1604 free(s->tlsext_ecpointformatlist);
1605 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { 1598 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) {
1606 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, 1599 SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
1607 ERR_R_MALLOC_FAILURE); 1600 ERR_R_MALLOC_FAILURE);
@@ -1613,8 +1606,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1613 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 1606 s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1614 1607
1615 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */ 1608 /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
1616 if (s->tlsext_ellipticcurvelist != NULL) 1609 free(s->tlsext_ellipticcurvelist);
1617 free(s->tlsext_ellipticcurvelist);
1618 s->tlsext_ellipticcurvelist_length = sizeof(pref_list) / sizeof(pref_list[0]) * 2; 1610 s->tlsext_ellipticcurvelist_length = sizeof(pref_list) / sizeof(pref_list[0]) * 2;
1619 if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) { 1611 if ((s->tlsext_ellipticcurvelist = malloc(s->tlsext_ellipticcurvelist_length)) == NULL) {
1620 s->tlsext_ellipticcurvelist_length = 0; 1612 s->tlsext_ellipticcurvelist_length = 0;
@@ -1640,9 +1632,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1640 } 1632 }
1641 1633
1642 if (s->tlsext_opaque_prf_input != NULL) { 1634 if (s->tlsext_opaque_prf_input != NULL) {
1643 if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */ 1635 free(s->s3->client_opaque_prf_input);
1644 free(s->s3->client_opaque_prf_input);
1645
1646 if (s->tlsext_opaque_prf_input_len == 0) 1636 if (s->tlsext_opaque_prf_input_len == 0)
1647 s->s3->client_opaque_prf_input = NULL; 1637 s->s3->client_opaque_prf_input = NULL;
1648 else { 1638 else {
@@ -1684,8 +1674,7 @@ ssl_prepare_serverhello_tlsext(SSL *s)
1684 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); 1674 using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
1685 1675
1686 if (using_ecc) { 1676 if (using_ecc) {
1687 if (s->tlsext_ecpointformatlist != NULL) 1677 free(s->tlsext_ecpointformatlist);
1688 free(s->tlsext_ecpointformatlist);
1689 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) { 1678 if ((s->tlsext_ecpointformatlist = malloc(3)) == NULL) {
1690 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE); 1679 SSLerr(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);
1691 return -1; 1680 return -1;
@@ -1738,8 +1727,7 @@ ssl_check_clienthello_tlsext_early(SSL *s)
1738 } 1727 }
1739 } 1728 }
1740 1729
1741 if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */ 1730 free(s->s3->server_opaque_prf_input);
1742 free(s->s3->server_opaque_prf_input);
1743 s->s3->server_opaque_prf_input = NULL; 1731 s->s3->server_opaque_prf_input = NULL;
1744 1732
1745 if (s->tlsext_opaque_prf_input != NULL) { 1733 if (s->tlsext_opaque_prf_input != NULL) {
@@ -1922,10 +1910,8 @@ ssl_check_serverhello_tlsext(SSL *s)
1922 /* Set resp to NULL, resplen to -1 so callback knows 1910 /* Set resp to NULL, resplen to -1 so callback knows
1923 * there is no response. 1911 * there is no response.
1924 */ 1912 */
1925 if (s->tlsext_ocsp_resp) { 1913 free(s->tlsext_ocsp_resp);
1926 free(s->tlsext_ocsp_resp); 1914 s->tlsext_ocsp_resp = NULL;
1927 s->tlsext_ocsp_resp = NULL;
1928 }
1929 s->tlsext_ocsp_resplen = -1; 1915 s->tlsext_ocsp_resplen = -1;
1930 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); 1916 r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
1931 if (r == 0) { 1917 if (r == 0) {
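Review bot: In the `@@ -1458,14 +1453,13 @@` hunk of ssl_parse_serverhello_tlsext, the new `if (s->s3->server_opaque_prf_input_len != 0)` has no opening brace, so it governs only the BUF_memdup() assignment, and the following `if (s->s3->server_opaque_prf_input == NULL) {` check now runs on every path. Because the pointer is set to NULL just above, a server hello carrying a zero-length opaque PRF input would end in `TLS1_AD_INTERNAL_ERROR` and `return 0`, where the old `_len == 0` branch accepted it. The `}` that closed the removed `else {` lies outside the hunk; if it is still present the braces no longer balance, which would suggest this block is not compiled in the default build and so went untested. I would write `if (s->s3->server_opaque_prf_input_len != 0) {` so that the allocation-failure check stays inside the non-empty case. The client-side hunk at `-1151,8` keeps the original if/else form and does not have this problem.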