tls1_heartbeat: check for NULL after allocating buf
authorJonas Maebe <jonas.maebe@elis.ugent.be>
Mon, 9 Dec 2013 16:21:43 +0000 (17:21 +0100)
committerKurt Roeckx <kurt@roeckx.be>
Wed, 10 Dec 2014 17:35:18 +0000 (18:35 +0100)
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/t1_lib.c

index 4133c43..8d5fd12 100644 (file)
@@ -4094,6 +4094,11 @@ tls1_heartbeat(SSL *s)
         *  - Padding
         */
        buf = OPENSSL_malloc(1 + 2 + payload + padding);
+       if (buf == NULL)
+               {
+               SSLerr(SSL_F_TLS1_HEARTBEAT,ERR_R_MALLOC_FAILURE);
+               return -1;
+               }
        p = buf;
        /* Message Type */
        *p++ = TLS1_HB_REQUEST;