Fix missing NULL checks in NewSessionTicket construction

[openssl.git] / ssl / statem / statem_srvr.c

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b9eb6346d11b0da701dc6236d21b5be39c7d98cf..eae0e3cadcfc3ebde6e29daaf9fe406829ed683a 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2947,7 +2947,7 @@ int tls_construct_server_certificate(SSL *s)
 int tls_construct_new_session_ticket(SSL *s)
 {
     unsigned char *senc = NULL;
-    EVP_CIPHER_CTX *ctx;
+    EVP_CIPHER_CTX *ctx = NULL;
     HMAC_CTX *hctx = NULL;
     unsigned char *p, *macstart;
     const unsigned char *const_p;
@@ -2977,6 +2977,10 @@ int tls_construct_new_session_ticket(SSL *s)
 
     ctx = EVP_CIPHER_CTX_new();
     hctx = HMAC_CTX_new();
+    if (ctx == NULL || hctx == NULL) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
     p = senc;
     if (!i2d_SSL_SESSION(s->session, &p))