Commit c27dc398 authored Dec 07, 2014 by Jonas Maebe Committed by Kurt Roeckx Dec 10, 2014

tls1_process_heartbeat: check for NULL after allocating buffer



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>

parent fed5b552

ssl/ssl.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -2732,6 +2732,7 @@ void ERR_load_SSL_strings(void);
		#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275
		#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276
		#define SSL_F_TLS1_PRF 284
		#define SSL_F_TLS1_PROCESS_HEARTBEAT 341
		#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
		#define SSL_F_TLS1_SET_SERVER_SIGALGS 335

ssl/ssl_err.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -273,6 +273,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
		{ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT), "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
		{ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT), "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
		{ERR_FUNC(SSL_F_TLS1_PRF), "tls1_prf"},
		{ERR_FUNC(SSL_F_TLS1_PROCESS_HEARTBEAT), "tls1_process_heartbeat"},
		{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "tls1_setup_key_block"},
		{ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS), "tls1_set_server_sigalgs"},
		{0,NULL}

ssl/t1_lib.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -4003,6 +4003,11 @@ tls1_process_heartbeat(SSL *s)
		* payload, plus padding
		*/
		buffer = OPENSSL_malloc(1 + 2 + payload + padding);
		if (buffer == NULL)
		{
		SSLerr(SSL_F_TLS1_PROCESS_HEARTBEAT,ERR_R_MALLOC_FAILURE);
		return -1;
		}
		bp = buffer;

		/* Enter response type, length and copy payload */