1 files changed, 39 insertions, 26 deletions
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 99298c1791..c45708bf78 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -1154,12 +1154,15 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                        if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
                                free(s->s3->client_opaque_prf_input);
                        if (s->s3->client_opaque_prf_input_len == 0)
-                                s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
+                                s->s3->client_opaque_prf_input = NULL;
-                        else
+                        else {
-                                s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);
+                                s->s3->client_opaque_prf_input =
-                        if (s->s3->client_opaque_prf_input == NULL) {
+                                    BUF_memdup(sdata,
-                                *al = TLS1_AD_INTERNAL_ERROR;
+                                      s->s3->client_opaque_prf_input_len);
-                                return 0;
+                                if (s->s3->client_opaque_prf_input == NULL) {
+                                        *al = TLS1_AD_INTERNAL_ERROR;
+                                        return 0;
+                                }
                        }
                }
 #endif
@@ -1458,13 +1461,15 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
                        if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
                                free(s->s3->server_opaque_prf_input);
                        if (s->s3->server_opaque_prf_input_len == 0)
-                                s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
+                                s->s3->server_opaque_prf_input = NULL;
-                        else
+                        else {
-                                s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);
+                                s->s3->server_opaque_prf_input =
+                                    BUF_memdup(sdata,
-                        if (s->s3->server_opaque_prf_input == NULL) {
+                                      s->s3->server_opaque_prf_input_len);
-                                *al = TLS1_AD_INTERNAL_ERROR;
+                                if (s->s3->server_opaque_prf_input == NULL) {
-                                return 0;
+                                        *al = TLS1_AD_INTERNAL_ERROR;
+                                        return 0;
+                                }
                        }
                }
 #endif
@@ -1639,12 +1644,16 @@ ssl_prepare_clienthello_tlsext(SSL *s)
                                free(s->s3->client_opaque_prf_input);
                        if (s->tlsext_opaque_prf_input_len == 0)
-                                s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
+                                s->s3->client_opaque_prf_input = NULL;
-                        else
+                        else {
-                                s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
+                                s->s3->client_opaque_prf_input =
-                        if (s->s3->client_opaque_prf_input == NULL) {
+                                    BUF_memdup(s->tlsext_opaque_prf_input,
-                                SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);
+                                      s->tlsext_opaque_prf_input_len);
-                                return -1;
+                                if (s->s3->client_opaque_prf_input == NULL) {
+                                        SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
+                                            ERR_R_MALLOC_FAILURE);
+                                        return -1;
+                                }
                        }
                        s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
                }
@@ -1740,13 +1749,17 @@ ssl_check_clienthello_tlsext_early(SSL *s)
                                 * of the same length as the client opaque PRF input! */
                                if (s->tlsext_opaque_prf_input_len == 0)
-                                        s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */
+                                        s->s3->server_opaque_prf_input = NULL;
-                                else
+                                else {
-                                        s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);
+                                        s->s3->server_opaque_prf_input =
-                                if (s->s3->server_opaque_prf_input == NULL) {
+                                            BUF_memdup(s->tlsext_opaque_prf_input,
-                                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                                              s->tlsext_opaque_prf_input_len);
-                                        al = SSL_AD_INTERNAL_ERROR;
+                                        if (s->s3->server_opaque_prf_input ==
-                                        goto err;
+                                            NULL) {
+                                                ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                                                al = SSL_AD_INTERNAL_ERROR;
+                                                goto err;
+                                        }
                                }
                                s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
                        }

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 99298c1791..c45708bf78 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -1154,12 +1154,15 @@ ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d,
1154	if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */	1154	if (s->s3->client_opaque_prf_input != NULL) /* shouldn't really happen */
1155	free(s->s3->client_opaque_prf_input);	1155	free(s->s3->client_opaque_prf_input);
1156	if (s->s3->client_opaque_prf_input_len == 0)	1156	if (s->s3->client_opaque_prf_input_len == 0)
1157	s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */	1157	s->s3->client_opaque_prf_input = NULL;
1158	else	1158	else {
1159	s->s3->client_opaque_prf_input = BUF_memdup(sdata, s->s3->client_opaque_prf_input_len);	1159	s->s3->client_opaque_prf_input =
1160	if (s->s3->client_opaque_prf_input == NULL) {	1160	BUF_memdup(sdata,
1161	*al = TLS1_AD_INTERNAL_ERROR;	1161	s->s3->client_opaque_prf_input_len);
1162	return 0;	1162	if (s->s3->client_opaque_prf_input == NULL) {
		1163	*al = TLS1_AD_INTERNAL_ERROR;
		1164	return 0;
		1165	}
1163	}	1166	}
1164	}	1167	}
1165	#endif	1168	#endif
@@ -1458,13 +1461,15 @@ ssl_parse_serverhello_tlsext(SSL s, unsigned char p, unsigned char d,
1458	if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */	1461	if (s->s3->server_opaque_prf_input != NULL) /* shouldn't really happen */
1459	free(s->s3->server_opaque_prf_input);	1462	free(s->s3->server_opaque_prf_input);
1460	if (s->s3->server_opaque_prf_input_len == 0)	1463	if (s->s3->server_opaque_prf_input_len == 0)
1461	s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */	1464	s->s3->server_opaque_prf_input = NULL;
1462	else	1465	else {
1463	s->s3->server_opaque_prf_input = BUF_memdup(sdata, s->s3->server_opaque_prf_input_len);	1466	s->s3->server_opaque_prf_input =
1464		1467	BUF_memdup(sdata,
1465	if (s->s3->server_opaque_prf_input == NULL) {	1468	s->s3->server_opaque_prf_input_len);
1466	*al = TLS1_AD_INTERNAL_ERROR;	1469	if (s->s3->server_opaque_prf_input == NULL) {
1467	return 0;	1470	*al = TLS1_AD_INTERNAL_ERROR;
		1471	return 0;
		1472	}
1468	}	1473	}
1469	}	1474	}
1470	#endif	1475	#endif
@@ -1639,12 +1644,16 @@ ssl_prepare_clienthello_tlsext(SSL *s)
1639	free(s->s3->client_opaque_prf_input);	1644	free(s->s3->client_opaque_prf_input);
1640		1645
1641	if (s->tlsext_opaque_prf_input_len == 0)	1646	if (s->tlsext_opaque_prf_input_len == 0)
1642	s->s3->client_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */	1647	s->s3->client_opaque_prf_input = NULL;
1643	else	1648	else {
1644	s->s3->client_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);	1649	s->s3->client_opaque_prf_input =
1645	if (s->s3->client_opaque_prf_input == NULL) {	1650	BUF_memdup(s->tlsext_opaque_prf_input,
1646	SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, ERR_R_MALLOC_FAILURE);	1651	s->tlsext_opaque_prf_input_len);
1647	return -1;	1652	if (s->s3->client_opaque_prf_input == NULL) {
		1653	SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
		1654	ERR_R_MALLOC_FAILURE);
		1655	return -1;
		1656	}
1648	}	1657	}
1649	s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;	1658	s->s3->client_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1650	}	1659	}
@@ -1740,13 +1749,17 @@ ssl_check_clienthello_tlsext_early(SSL *s)
1740	* of the same length as the client opaque PRF input! */	1749	* of the same length as the client opaque PRF input! */
1741		1750
1742	if (s->tlsext_opaque_prf_input_len == 0)	1751	if (s->tlsext_opaque_prf_input_len == 0)
1743	s->s3->server_opaque_prf_input = malloc(1); /* dummy byte just to get non-NULL */	1752	s->s3->server_opaque_prf_input = NULL;
1744	else	1753	else {
1745	s->s3->server_opaque_prf_input = BUF_memdup(s->tlsext_opaque_prf_input, s->tlsext_opaque_prf_input_len);	1754	s->s3->server_opaque_prf_input =
1746	if (s->s3->server_opaque_prf_input == NULL) {	1755	BUF_memdup(s->tlsext_opaque_prf_input,
1747	ret = SSL_TLSEXT_ERR_ALERT_FATAL;	1756	s->tlsext_opaque_prf_input_len);
1748	al = SSL_AD_INTERNAL_ERROR;	1757	if (s->s3->server_opaque_prf_input ==
1749	goto err;	1758	NULL) {
		1759	ret = SSL_TLSEXT_ERR_ALERT_FATAL;
		1760	al = SSL_AD_INTERNAL_ERROR;
		1761	goto err;
		1762	}
1750	}	1763	}
1751	s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;	1764	s->s3->server_opaque_prf_input_len = s->tlsext_opaque_prf_input_len;
1752	}	1765	}