memset, memcpy, sizeof consistency fixes

[openssl.git] / ssl / ssl_sess.c

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 483c7787a22a6a0812b815795694200e88add28e..4e73f047e0357af02ac9ddaf11553326281b4f71 100644 (file)
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -193,12 +193,12 @@ SSL_SESSION *SSL_SESSION_new(void)
 {
     SSL_SESSION *ss;
 
-    ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
+    ss = OPENSSL_malloc(sizeof(*ss));
     if (ss == NULL) {
         SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
         return (0);
     }
-    memset(ss, 0, sizeof(SSL_SESSION));
+    memset(ss, 0, sizeof(*ss));
 
     ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
     ss->references = 1;
@@ -439,7 +439,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
     int r;
 #endif
 
-    if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
+    if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
         goto err;
 
     if (session_id + len > limit) {
@@ -732,36 +732,26 @@ void SSL_SESSION_free(SSL_SESSION *ss)
     OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
     OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
     ssl_sess_cert_free(ss->sess_cert);
-    if (ss->peer != NULL)
-        X509_free(ss->peer);
-    if (ss->ciphers != NULL)
-        sk_SSL_CIPHER_free(ss->ciphers);
+    X509_free(ss->peer);
+    sk_SSL_CIPHER_free(ss->ciphers);
 #ifndef OPENSSL_NO_TLSEXT
-    if (ss->tlsext_hostname != NULL)
-        OPENSSL_free(ss->tlsext_hostname);
-    if (ss->tlsext_tick != NULL)
-        OPENSSL_free(ss->tlsext_tick);
+    OPENSSL_free(ss->tlsext_hostname);
+    OPENSSL_free(ss->tlsext_tick);
 # ifndef OPENSSL_NO_EC
     ss->tlsext_ecpointformatlist_length = 0;
-    if (ss->tlsext_ecpointformatlist != NULL)
-        OPENSSL_free(ss->tlsext_ecpointformatlist);
+    OPENSSL_free(ss->tlsext_ecpointformatlist);
     ss->tlsext_ellipticcurvelist_length = 0;
-    if (ss->tlsext_ellipticcurvelist != NULL)
-        OPENSSL_free(ss->tlsext_ellipticcurvelist);
+    OPENSSL_free(ss->tlsext_ellipticcurvelist);
 # endif                         /* OPENSSL_NO_EC */
 #endif
 #ifndef OPENSSL_NO_PSK
-    if (ss->psk_identity_hint != NULL)
-        OPENSSL_free(ss->psk_identity_hint);
-    if (ss->psk_identity != NULL)
-        OPENSSL_free(ss->psk_identity);
+    OPENSSL_free(ss->psk_identity_hint);
+    OPENSSL_free(ss->psk_identity);
 #endif
 #ifndef OPENSSL_NO_SRP
-    if (ss->srp_username != NULL)
-        OPENSSL_free(ss->srp_username);
+    OPENSSL_free(ss->srp_username);
 #endif
-    OPENSSL_cleanse(ss, sizeof(*ss));
-    OPENSSL_free(ss);
+    OPENSSL_clear_free(ss, sizeof(*ss));
 }
 
 int SSL_set_session(SSL *s, SSL_SESSION *session)
@@ -786,7 +776,7 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
         if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
             session->krb5_client_princ_len > 0) {
             s->kssl_ctx->client_princ =
-                (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
+                OPENSSL_malloc(session->krb5_client_princ_len + 1);
             if (s->kssl_ctx->client_princ == NULL) {
                 SSLerr(SSL_F_SSL_SET_SESSION, ERR_R_MALLOC_FAILURE);
                 return (0);
@@ -933,11 +923,8 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
 int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
 {
     if (s->version >= TLS1_VERSION) {
-        if (s->tlsext_session_ticket) {
-            OPENSSL_free(s->tlsext_session_ticket);
-            s->tlsext_session_ticket = NULL;
-        }
-
+        OPENSSL_free(s->tlsext_session_ticket);
+        s->tlsext_session_ticket = NULL;
         s->tlsext_session_ticket =
             OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
         if (!s->tlsext_session_ticket) {