Avoid potential NULL pointer function calls in n_ssl3_mac() by checking

the return value of EVP_MD_CTX_copy_ex(). If the copy fails early then
EVP_DigestUpdate() will invoke md_ctx.update(), which will be a NULL
function pointer.

Analysis and patch from David Ramos.

ok deraadt@

1 files changed, 4 insertions, 2 deletions

diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c
index f4ac5222f3c..13ba633f492 100644
--- a/lib/libssl/src/ssl/s3_enc.c
+++ b/lib/libssl/src/ssl/s3_enc.c
@@ -762,7 +762,8 @@ n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
 		/* Chop the digest off the end :-) */
 		EVP_MD_CTX_init(&md_ctx);
 
-		EVP_MD_CTX_copy_ex(&md_ctx, hash);
+		if (!EVP_MD_CTX_copy_ex(&md_ctx, hash))
+			return (-1);
 		EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
 		EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad);
 		EVP_DigestUpdate(&md_ctx, seq, 8);
@@ -774,7 +775,8 @@ n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
 		EVP_DigestUpdate(&md_ctx, rec->input, rec->length);
 		EVP_DigestFinal_ex(&md_ctx, md, NULL);
 
-		EVP_MD_CTX_copy_ex(&md_ctx, hash);
+		if (!EVP_MD_CTX_copy_ex(&md_ctx, hash))
+			return (-1);
 		EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
 		EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad);
 		EVP_DigestUpdate(&md_ctx, md, md_size);