Fix missing NULL checks in NewSessionTicket construction (6b02b586) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

include/openssl/ssl.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -2231,6 +2231,7 @@ int ERR_load_SSL_strings(void);
		# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358
		# define SSL_F_TLS_CONSTRUCT_FINISHED 359
		# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373
		# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428
		# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374
		# define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375
		# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376

+2 −0

Original line number	Diff line number	Diff line
		@@ -256,6 +256,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_FINISHED), "tls_construct_finished"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_HELLO_REQUEST),
		"tls_construct_hello_request"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET),
		"tls_construct_new_session_ticket"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE),
		"tls_construct_server_certificate"},
		{ERR_FUNC(SSL_F_TLS_CONSTRUCT_SERVER_DONE), "tls_construct_server_done"},

+5 −1

Original line number	Diff line number	Diff line
		@@ -2982,7 +2982,7 @@ int tls_construct_server_certificate(SSL *s)
		int tls_construct_new_session_ticket(SSL *s)
		{
		unsigned char *senc = NULL;
		EVP_CIPHER_CTX *ctx;
		EVP_CIPHER_CTX *ctx = NULL;
		HMAC_CTX *hctx = NULL;
		unsigned char p, macstart;
		const unsigned char *const_p;
		@@ -3012,6 +3012,10 @@ int tls_construct_new_session_ticket(SSL *s)

		ctx = EVP_CIPHER_CTX_new();
		hctx = HMAC_CTX_new();
		if (ctx == NULL \|\| hctx == NULL) {
		SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
		goto err;
		}

		p = senc;
		if (!i2d_SSL_SESSION(s->session, &p))