From 2ad70e8a88961d1009c50ccc6d5ee104299eebde Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 29 May 2014 08:47:56 +0000
Subject: Add missing NULL checks for calls to ssl_replace_hash(). This
 function calls EVP_MD_CTX_create(), which will return NULL if it fails to
 allocate memory.

ok miod@
---
 src/lib/libssl/src/ssl/s3_enc.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/src/ssl/s3_enc.c b/src/lib/libssl/src/ssl/s3_enc.c
index aa729860fe..f3c641849a 100644
--- a/src/lib/libssl/src/ssl/s3_enc.c
+++ b/src/lib/libssl/src/ssl/s3_enc.c
@@ -251,7 +251,9 @@ ssl3_change_cipher_state(SSL *s, int which)
 		}
 		dd = s->enc_read_ctx;
 
-		ssl_replace_hash(&s->read_hash, m);
+		if (ssl_replace_hash(&s->read_hash, m) == NULL)
+			goto err;
+
 #ifndef OPENSSL_NO_COMP
 		/* COMPRESS */
 		if (s->expand != NULL) {
@@ -282,7 +284,9 @@ ssl3_change_cipher_state(SSL *s, int which)
 			EVP_CIPHER_CTX_init(s->enc_write_ctx);
 		}
 		dd = s->enc_write_ctx;
-		ssl_replace_hash(&s->write_hash, m);
+		if (ssl_replace_hash(&s->write_hash, m) == NULL)
+			goto err;
+
 #ifndef OPENSSL_NO_COMP
 		/* COMPRESS */
 		if (s->compress != NULL) {
-- 
cgit v1.2.3-55-g6feb