Add missing NULL checks for calls to ssl_replace_hash(). This function

calls EVP_MD_CTX_create(), which will return NULL if it fails to allocate memory. ok miod@
author: jsing <jsing@openbsd.org> 2014-05-29 08:47:56 +0000
committer: jsing <jsing@openbsd.org> 2014-05-29 08:47:56 +0000
commit: dc8da117a7f23ca93e38cb1ea084d4e00dd2f6c0 (patch)
tree: 703fba4ec9ac5ddd9e051bd151e010e64e756794 /lib/libssl/src
parent: Read MAXPHYS bytes at a time in the hibernate image read, instead of (diff)
download: wireguard-openbsd-dc8da117a7f23ca93e38cb1ea084d4e00dd2f6c0.tar.xz
wireguard-openbsd-dc8da117a7f23ca93e38cb1ea084d4e00dd2f6c0.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c
index aa729860feb..f3c641849a1 100644
--- a/lib/libssl/src/ssl/s3_enc.c
+++ b/lib/libssl/src/ssl/s3_enc.c
@@ -251,7 +251,9 @@ ssl3_change_cipher_state(SSL *s, int which)
 		}
 		dd = s->enc_read_ctx;
 
-		ssl_replace_hash(&s->read_hash, m);
+		if (ssl_replace_hash(&s->read_hash, m) == NULL)
+			goto err;
+
 #ifndef OPENSSL_NO_COMP
 		/* COMPRESS */
 		if (s->expand != NULL) {
@@ -282,7 +284,9 @@ ssl3_change_cipher_state(SSL *s, int which)
 			EVP_CIPHER_CTX_init(s->enc_write_ctx);
 		}
 		dd = s->enc_write_ctx;
-		ssl_replace_hash(&s->write_hash, m);
+		if (ssl_replace_hash(&s->write_hash, m) == NULL)
+			goto err;
+
 #ifndef OPENSSL_NO_COMP
 		/* COMPRESS */
 		if (s->compress != NULL) {
author	jsing <jsing@openbsd.org>	2014-05-29 08:47:56 +0000
committer	jsing <jsing@openbsd.org>	2014-05-29 08:47:56 +0000
commit	dc8da117a7f23ca93e38cb1ea084d4e00dd2f6c0 (patch)
tree	703fba4ec9ac5ddd9e051bd151e010e64e756794 /lib/libssl/src
parent	Read MAXPHYS bytes at a time in the hibernate image read, instead of (diff)
download	wireguard-openbsd-dc8da117a7f23ca93e38cb1ea084d4e00dd2f6c0.tar.xz wireguard-openbsd-dc8da117a7f23ca93e38cb1ea084d4e00dd2f6c0.zip