From aeece982185e5f1eb42ffba9239f1c8bfb662d81 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 30 Apr 2014 13:51:58 +0000
Subject: Avoid a potential null pointer dereference by checking that we actually managed to allocate a fragment, before trying to memcpy data into it.
ok miod@
---
 src/lib/libssl/d1_both.c | 2 ++
 src/lib/libssl/src/ssl/d1_both.c | 2 ++
 2 files changed, 4 insertions(+)
(limited to 'src/lib/libssl')
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index 7762ccdee6..db57bf9d3d 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -1137,6 +1137,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 OPENSSL_assert(s->init_off == 0);
 frag = dtls1_hm_fragment_new(s->init_num, 0);
+ if (frag == NULL)
+ return 0;
 memcpy(frag->fragment, s->init_buf->data, s->init_num);
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index 7762ccdee6..db57bf9d3d 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -1137,6 +1137,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
 OPENSSL_assert(s->init_off == 0);
 frag = dtls1_hm_fragment_new(s->init_num, 0);
+ if (frag == NULL)
+ return 0;
 memcpy(frag->fragment, s->init_buf->data, s->init_num);
-- cgit v1.2.3-55-g6feb
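Review bot: The added `return 0` after a failed `dtls1_hm_fragment_new()` exits silently: nothing is recorded on the error queue and the early return carries no comment, so an allocation failure here looks the same as any other zero return. The same applies to the identical hunk in src/lib/libssl/src/ssl/d1_both.c. The callers are outside this hunk; if any of them ignore the return value, the handshake would presumably continue with no copy of the message saved for retransmission, so it is worth confirming that each call site treats 0 as a failure. I would record `ERR_R_MALLOC_FAILURE` through `SSLerr` before returning and add a comment such as `/* Allocation failed: nothing was queued for retransmission; callers must treat 0 as an error. */`. The body of dtls1_buffer_message starts and ends outside the hunk, so the later steps of the function are not reviewed here.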