Commit d73ca3ef authored by Matt Caswell's avatar Matt Caswell
Browse files

Remove an NULL ptr deref in an error path 



The |passwd| variable in the code can be NULL if it goes to the err label.
Therefore we cannot call strlen on it without first checking that it is non
NULL.

Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
parent e4693b4e

ssl/tls_srp.c

+2 −1
Original line number Diff line number Diff line
@@ -393,6 +393,7 @@ int srp_generate_client_master_secret(SSL *s) 
 err:

    BN_clear_free(K);

    BN_clear_free(x);

    if (passwd != NULL)

        OPENSSL_clear_free(passwd, strlen(passwd));

    BN_clear_free(u);

    return ret;