From 47eb97a22f4397f7e4d7b37419d4c88e805cf71b Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 10 Dec 2014 15:43:31 +0000
Subject: ssl3_init_finished_mac() calls BIO_new() which can fail since it in
 turn calls malloc(). Instead of silently continuing on failure, check the
 return value of BIO_new() and propagate failure back to the caller for
 appropriate handling.

ok bcook@
---
 src/lib/libssl/d1_clnt.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/lib/libssl/d1_clnt.c')

diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index a73995ccda..490e2849f1 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.39 2014/12/06 14:24:26 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.40 2014/12/10 15:43:31 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -310,7 +310,10 @@ dtls1_connect(SSL *s)
 			s->shutdown = 0;
 
 			/* every DTLS ClientHello resets Finished MAC */
-			ssl3_init_finished_mac(s);
+			if (!ssl3_init_finished_mac(s)) {
+				ret = -1;
+				goto end;
+			}
 
 			dtls1_start_timer(s);
 			ret = dtls1_client_hello(s);
-- 
cgit v1.2.3-55-g6feb