Commit a6fd7c1d authored by Bernd Edlinger's avatar Bernd Edlinger Committed by Richard Levitte
Browse files

fix a memory leak in ssl3_generate_key_block fix the error handling in ssl3_change_cipher_state 



Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2164)
parent 57a19206

ssl/s3_enc.c

+4 −3
Original line number Diff line number Diff line
@@ -61,10 +61,10 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) 
    EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);

    for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {

        k++;

        if (k > sizeof buf) {

        if (k > sizeof(buf)) {

            /* bug: 'buf' is too small for this ciphersuite */

            SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);

            return 0;

            goto err;

        }



        for (j = 0; j < k; j++)
@@ -227,7 +227,8 @@ int ssl3_change_cipher_state(SSL *s, int which) 


    memcpy(mac_secret, ms, i);



    EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));

    if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE)))

        goto err2;



#ifdef OPENSSL_SSL_TRACE_CRYPTO

    if (s->msg_callback) {