diff options
| author |   miod <miod@openbsd.org> | 2014-08-11 04:46:42 +0000 |
|---|---|---|
| committer | miod <miod@openbsd.org> | 2014-08-11 04:46:42 +0000 |
| commit | f6be578e73014ce256c026e85960821b8277157c (patch) | |
| tree | fbb104cfe3ffa680ce8d7e100e3be1ab2fae8bb3 /lib/libssl/src | |
| parent | Remove now-unused SSL2_STATE as well as ssl2-specific state machine values. (diff) | |
| download | wireguard-openbsd-f6be578e73014ce256c026e85960821b8277157c.tar.xz wireguard-openbsd-f6be578e73014ce256c026e85960821b8277157c.zip | |
Unchecked memory allocation and potential leak upon error in
ssl3_get_cert_verify().
ok guenther@ jsing@
Diffstat (limited to 'lib/libssl/src')
| -rw-r--r-- | lib/libssl/src/ssl/s3_srvr.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c index 7b29ec41c83..574910cda65 100644 --- a/lib/libssl/src/ssl/s3_srvr.c +++ b/lib/libssl/src/ssl/s3_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_srvr.c,v 1.80 2014/08/10 14:42:56 jsing Exp $ */ +/* $OpenBSD: s3_srvr.c,v 1.81 2014/08/11 04:46:42 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -2444,17 +2444,24 @@ ssl3_get_cert_verify(SSL *s) pkey->type == NID_id_GostR3410_2001) { unsigned char signature[64]; int idx; - EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); - EVP_PKEY_verify_init(pctx); + EVP_PKEY_CTX *pctx; + if (i != 64) { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE); al = SSL_AD_DECODE_ERROR; goto f_err; } - for (idx = 0; idx < 64; idx++) { - signature[63 - idx] = p[idx]; + pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (pctx == NULL) { + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, + ERR_R_INTERNAL_ERROR); + al = SSL_AD_DECODE_ERROR; + goto f_err; } + EVP_PKEY_verify_init(pctx); + for (idx = 0; idx < 64; idx++) + signature[63 - idx] = p[idx]; j = EVP_PKEY_verify(pctx, signature, 64, s->s3->tmp.cert_verify_md, 32); EVP_PKEY_CTX_free(pctx); |