From 11b7ce9aaed6e67e7fb23fa5c3febf635a5e7c81 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 28 May 2014 13:07:47 +0000
Subject: EVP_MD_CTX_create() calls malloc and can return NULL. However, only
 one of the calls in libssl actually checks the return value before using it.
 Add NULL checks for the remaining three calls.

ok miod@
---
 src/lib/libssl/s3_clnt.c         | 5 +++++
 src/lib/libssl/src/ssl/s3_clnt.c | 5 +++++
 src/lib/libssl/src/ssl/s3_enc.c  | 4 ++++
 src/lib/libssl/src/ssl/ssl_lib.c | 2 +-
 src/lib/libssl/ssl_lib.c         | 2 +-
 5 files changed, 16 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index ffbd83b060..602ab03fe1 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -2458,6 +2458,11 @@ ssl3_send_client_key_exchange(SSL *s)
 			 * context data
 			 */
 			ukm_hash = EVP_MD_CTX_create();
+			if (ukm_hash == NULL) {
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+				    ERR_R_MALLOC_FAILURE);
+				goto err;
+			}
 			EVP_DigestInit(ukm_hash,
 			    EVP_get_digestbynid(NID_id_GostR3411_94));
 			EVP_DigestUpdate(ukm_hash,
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index ffbd83b060..602ab03fe1 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -2458,6 +2458,11 @@ ssl3_send_client_key_exchange(SSL *s)
 			 * context data
 			 */
 			ukm_hash = EVP_MD_CTX_create();
+			if (ukm_hash == NULL) {
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+				    ERR_R_MALLOC_FAILURE);
+				goto err;
+			}
 			EVP_DigestInit(ukm_hash,
 			    EVP_get_digestbynid(NID_id_GostR3411_94));
 			EVP_DigestUpdate(ukm_hash,
diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index c9284c395f..aa729860fe 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -593,6 +593,10 @@ ssl3_digest_cached_records(SSL *s)
 	for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) {
 		if ((mask & ssl_get_algorithm2(s)) && md) {
 			s->s3->handshake_dgst[i] = EVP_MD_CTX_create();
+			if (s->s3->handshake_dgst[i] == NULL) {
+				SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+				    ERR_R_MALLOC_FAILURE);
+			}
 			EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL);
 			EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen);
 		} else {
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index bf98354294..12d45ea025 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -3235,7 +3235,7 @@ ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
 {
 	ssl_clear_hash_ctx(hash);
 	*hash = EVP_MD_CTX_create();
-	if (md)
+	if (*hash != NULL && md != NULL)
 		EVP_DigestInit_ex(*hash, md, NULL);
 	return (*hash);
 }
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index bf98354294..12d45ea025 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -3235,7 +3235,7 @@ ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
 {
 	ssl_clear_hash_ctx(hash);
 	*hash = EVP_MD_CTX_create();
-	if (md)
+	if (*hash != NULL && md != NULL)
 		EVP_DigestInit_ex(*hash, md, NULL);
 	return (*hash);
 }
-- 
cgit v1.2.3-55-g6feb