Fix a NULL ptr deref in error path in tls_process_cke_dhe() (b6ff436f) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/statem/statem_srvr.c

+3 −4

Original line number	Diff line number	Diff line
		@@ -3129,13 +3129,12 @@ static int tls_process_cke_dhe(SSL s, PACKET pkt)
		SSL_R_BN_LIB);
		goto err;
		}

		cdh = EVP_PKEY_get0_DH(ckey);
		pub_key = BN_bin2bn(data, i, NULL);

		if (pub_key == NULL \|\| !DH_set0_key(cdh, pub_key, NULL)) {
		if (pub_key == NULL \|\| cdh == NULL \|\| !DH_set0_key(cdh, pub_key, NULL)) {
		SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
		ERR_R_INTERNAL_ERROR);
		if (pub_key != NULL)
		BN_free(pub_key);
		goto err;
		}