{
SSL_SESSION *ss;
- ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
+ ss = OPENSSL_malloc(sizeof(*ss));
if (ss == NULL) {
SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
return (0);
}
- memset(ss, 0, sizeof(SSL_SESSION));
+ memset(ss, 0, sizeof(*ss));
ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
ss->references = 1;
int r;
#endif
- if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
+ if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH)
goto err;
if (session_id + len > limit) {
OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
ssl_sess_cert_free(ss->sess_cert);
- if (ss->peer != NULL)
- X509_free(ss->peer);
- if (ss->ciphers != NULL)
- sk_SSL_CIPHER_free(ss->ciphers);
+ X509_free(ss->peer);
+ sk_SSL_CIPHER_free(ss->ciphers);
#ifndef OPENSSL_NO_TLSEXT
- if (ss->tlsext_hostname != NULL)
- OPENSSL_free(ss->tlsext_hostname);
- if (ss->tlsext_tick != NULL)
- OPENSSL_free(ss->tlsext_tick);
+ OPENSSL_free(ss->tlsext_hostname);
+ OPENSSL_free(ss->tlsext_tick);
# ifndef OPENSSL_NO_EC
ss->tlsext_ecpointformatlist_length = 0;
- if (ss->tlsext_ecpointformatlist != NULL)
- OPENSSL_free(ss->tlsext_ecpointformatlist);
+ OPENSSL_free(ss->tlsext_ecpointformatlist);
ss->tlsext_ellipticcurvelist_length = 0;
- if (ss->tlsext_ellipticcurvelist != NULL)
- OPENSSL_free(ss->tlsext_ellipticcurvelist);
+ OPENSSL_free(ss->tlsext_ellipticcurvelist);
# endif /* OPENSSL_NO_EC */
#endif
#ifndef OPENSSL_NO_PSK
- if (ss->psk_identity_hint != NULL)
- OPENSSL_free(ss->psk_identity_hint);
- if (ss->psk_identity != NULL)
- OPENSSL_free(ss->psk_identity);
+ OPENSSL_free(ss->psk_identity_hint);
+ OPENSSL_free(ss->psk_identity);
#endif
#ifndef OPENSSL_NO_SRP
- if (ss->srp_username != NULL)
- OPENSSL_free(ss->srp_username);
+ OPENSSL_free(ss->srp_username);
#endif
- OPENSSL_cleanse(ss, sizeof(*ss));
- OPENSSL_free(ss);
+ OPENSSL_clear_free(ss, sizeof(*ss));
}
int SSL_set_session(SSL *s, SSL_SESSION *session)
if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
session->krb5_client_princ_len > 0) {
s->kssl_ctx->client_princ =
- (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
+ OPENSSL_malloc(session->krb5_client_princ_len + 1);
if (s->kssl_ctx->client_princ == NULL) {
SSLerr(SSL_F_SSL_SET_SESSION, ERR_R_MALLOC_FAILURE);
return (0);
int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
{
if (s->version >= TLS1_VERSION) {
- if (s->tlsext_session_ticket) {
- OPENSSL_free(s->tlsext_session_ticket);
- s->tlsext_session_ticket = NULL;
- }
-
+ OPENSSL_free(s->tlsext_session_ticket);
+ s->tlsext_session_ticket = NULL;
s->tlsext_session_ticket =
OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
if (!s->tlsext_session_ticket) {