From 0bbbe9791a98bb8d5aeb999bf0ca439216d92e77 Mon Sep 17 00:00:00 2001
From: logan <>
Date: Tue, 10 Jun 2014 18:00:59 +0000
Subject: Check return value of EVP_MD_CTX_copy_ex() in ssl3_handshake_mac() to avoid potential null pointer dereference. Based on david ramos work. OK from miod@ and jsing@
---
 src/lib/libssl/src/ssl/s3_enc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index 8f88a4a88d..71a3155c60 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -668,7 +668,9 @@ ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len,
  }
  EVP_MD_CTX_init(&ctx);
  EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_MD_CTX_copy_ex(&ctx, d);
+
+ if (!EVP_MD_CTX_copy_ex(&ctx, d))
+ return 0;
  n = EVP_MD_CTX_size(&ctx);
  if (n < 0)
  return 0;
-- cgit v1.2.3-55-g6feb
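Review bot: The new early return in ssl3_handshake_mac() leaves `ctx` without a cleanup call. It was set up by `EVP_MD_CTX_init(&ctx)` two lines earlier, and a failed `EVP_MD_CTX_copy_ex()` may already have attached digest state to it, so I would write `if (!EVP_MD_CTX_copy_ex(&ctx, d)) { EVP_MD_CTX_cleanup(&ctx); return 0; }`. The existing `if (n < 0) return 0;` just below has the same shape and could take the same cleanup. The function starts and ends outside this hunk, so any cleanup on the success path is not visible here. The callers are not shown either, and it is worth confirming that they treat a 0 return as a failed handshake MAC rather than as a zero-length digest.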