Commit 3df16cc2 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

cleanse psk_identity on error 



Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
parent a784665e

ssl/s3_clnt.c

+6 −2
Original line number Original line Diff line number Diff line
@@ -2391,8 +2391,10 @@ int ssl3_send_client_key_exchange(SSL *s) 
            s->s3->tmp.psk = BUF_memdup(psk, psklen);

            s->s3->tmp.psk = BUF_memdup(psk, psklen);

            OPENSSL_cleanse(psk, psklen);

            OPENSSL_cleanse(psk, psklen);





            if (s->s3->tmp.psk == NULL)

            if (s->s3->tmp.psk == NULL) {

                OPENSSL_cleanse(identity, sizeof(identity));

                goto memerr;

                goto memerr;

            }





            s->s3->tmp.psklen = psklen;

            s->s3->tmp.psklen = psklen;
@@ -2404,8 +2406,10 @@ int ssl3_send_client_key_exchange(SSL *s) 
            }

            }

            OPENSSL_free(s->session->psk_identity);

            OPENSSL_free(s->session->psk_identity);

            s->session->psk_identity = BUF_strdup(identity);

            s->session->psk_identity = BUF_strdup(identity);

            if (s->session->psk_identity == NULL)

            if (s->session->psk_identity == NULL) {

                OPENSSL_cleanse(identity, sizeof(identity));

                goto memerr;

                goto memerr;

            }





            s2n(identitylen, p);

            s2n(identitylen, p);

            memcpy(p, identity, identitylen);

            memcpy(p, identity, identitylen);