From 1007a1f86697c5f72aaa723eea397d758e2f031d Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 22 Aug 2015 14:51:34 +0000
Subject: SSL_set_app_data is a macro for SSL_set_ex_data(), which is a wrapper around CRYPTO_set_ex_data(), which can fail. Since this is the case, check the return value of CRYPTO_set_ex_data^WSSL_set_ex_data^WSSL_set_app_data.
---
 src/lib/libtls/tls_client.c | 8 +++++---
 src/lib/libtls/tls_server.c | 8 +++++---
 2 files changed, 10 insertions(+), 6 deletions(-)
(limited to 'src')
diff --git a/src/lib/libtls/tls_client.c b/src/lib/libtls/tls_client.c
index 295e76c60d..442ba4321e 100644
--- a/src/lib/libtls/tls_client.c
+++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.18 2015/08/22 14:40:25 jsing Exp $ */
+/* $OpenBSD: tls_client.c,v 1.19 2015/08/22 14:51:34 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -225,8 +225,10 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 tls_set_error(ctx, "ssl connection failure");
 goto err;
 }
- SSL_set_app_data(ctx->ssl_conn, ctx);
-
+ if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) {
+ tls_set_error(ctx, "ssl application data failure");
+ goto err;
+ }
 if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 ||
 SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) {
 tls_set_error(ctx, "ssl file descriptor failure");
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 55b19e472c..7308171452 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.7 2015/03/31 14:03:38 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.8 2015/08/22 14:51:34 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
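Review bot: The new check in tls_connect_fds (tls_client.c, hunk at -225) carries no comment saying why a call that reads like a plain setter can fail, and the matching check added to tls_accept_fds in tls_server.c has the same gap. The reason lives only in the commit message: SSL_set_app_data is a macro over SSL_set_ex_data(), which wraps CRYPTO_set_ex_data(). I would put `/* SSL_set_app_data() expands to SSL_set_ex_data(), which can fail. */` above each `if`, so the check is not later dropped as redundant and the connection never proceeds without its back-pointer to the `struct tls`. tls_connect_fds starts and ends outside the hunk.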
@@ -120,13 +120,15 @@ tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
 tls_set_error(ctx, "ssl failure");
 goto err;
 }
-
+ if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
+ tls_set_error(ctx, "ssl application data failure");
+ goto err;
+ }
 if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
 SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
 tls_set_error(ctx, "ssl set fd failure");
 goto err;
 }
- SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx);
 }
 if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) {
-- 
cgit v1.2.3-55-g6feb
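Review bot: The added `goto err` in tls_accept_fds is a new exit taken after `conn_ctx->ssl_conn` exists but before the connection is fully set up, and the `err:` cleanup it depends on lies outside the hunk. It cannot be confirmed from here that `conn_ctx` is released and `*cctx` is not left pointing at it. The setup block sits inside a conditional whose opening is also outside the hunk; if that condition skips setup when a connection context already exists (an assumption, not visible here), a later call could reach `SSL_accept` on a connection whose application data was never set. I would verify the err path and, once confirmed, record it beside the check with a comment such as `/* err: discards conn_ctx, so it is never reused without app data */`.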