Commit 1711a626 authored Apr 15, 2019 by dyrock Committed by Matt Caswell Apr 19, 2019

Check if num is 0 before trying to malloc memory. Otherwise for client hellos...


Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8756)

(cherry picked from commit 6fda11ae5a06e28fd9463e5afb60735d074904b3)

parent af0bab32

doc/man3/SSL_CTX_set_client_hello_cb.pod

+2 −0

Original line number	Diff line number	Diff line
		@@ -65,6 +65,8 @@ both required, and on success the caller must release the storage allocated for
		B<out> using OPENSSL_free(). The contents of B<out> is an array of integers
		holding the numerical value of the TLS extension types in the order they appear
		in the ClientHello. B<*outlen> contains the number of elements in the array.
		In situations when the ClientHello has no extensions, the function will return
		success with B<out> set to NULL and B<outlen> set to 0.

		=head1 NOTES

ssl/ssl_lib.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -5070,6 +5070,11 @@ int SSL_client_hello_get1_extensions_present(SSL s, int out, size_t outlen)
		if (ext->present)
		num++;
		}
		if (num == 0) {
		*out = NULL;
		*outlen = 0;
		return 1;
		}
		if ((present = OPENSSL_malloc(sizeof(present) num)) == NULL) {
		SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT,
		ERR_R_MALLOC_FAILURE);