From 48a7cfe4f2130f1684b58c47235f0801f991bf8a Mon Sep 17 00:00:00 2001
From: logan <logan@openbsd.org>
Date: Tue, 10 Jun 2014 18:00:59 +0000
Subject: Check return value of EVP_MD_CTX_copy_ex() in ssl3_handshake_mac() to
 avoid potential null pointer dereference.

Based on david ramos work.

OK from miod@ and jsing@
---
 lib/libssl/src/ssl/s3_enc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lib/libssl/src')

diff --git a/lib/libssl/src/ssl/s3_enc.c b/lib/libssl/src/ssl/s3_enc.c
index 8f88a4a88df..71a3155c604 100644
--- a/lib/libssl/src/ssl/s3_enc.c
+++ b/lib/libssl/src/ssl/s3_enc.c
@@ -668,7 +668,9 @@ ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len,
 	}
 	EVP_MD_CTX_init(&ctx);
 	EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-	EVP_MD_CTX_copy_ex(&ctx, d);
+
+	if (!EVP_MD_CTX_copy_ex(&ctx, d))
+		return 0;
 	n = EVP_MD_CTX_size(&ctx);
 	if (n < 0)
 		return 0;
-- 
cgit v1.2.3-59-g8ed1b