tls1_process_heartbeat: check for NULL after allocating buffer
authorJonas Maebe <jonas.maebe@elis.ugent.be>
Sun, 7 Dec 2014 16:38:51 +0000 (17:38 +0100)
committerKurt Roeckx <kurt@roeckx.be>
Wed, 10 Dec 2014 17:35:18 +0000 (18:35 +0100)
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
ssl/ssl.h
ssl/ssl_err.c
ssl/t1_lib.c

index 61c9890..51b8df0 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2732,6 +2732,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT           275
 #define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT           276
 #define SSL_F_TLS1_PRF                                  284
+#define SSL_F_TLS1_PROCESS_HEARTBEAT                    341
 #define SSL_F_TLS1_SETUP_KEY_BLOCK                      211
 #define SSL_F_TLS1_SET_SERVER_SIGALGS                   335
 
index 00c4bc8..5f8c075 100644 (file)
@@ -273,6 +273,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT),      "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT),      "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_TLS1_PRF),     "tls1_prf"},
+{ERR_FUNC(SSL_F_TLS1_PROCESS_HEARTBEAT),       "tls1_process_heartbeat"},
 {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "tls1_setup_key_block"},
 {ERR_FUNC(SSL_F_TLS1_SET_SERVER_SIGALGS),      "tls1_set_server_sigalgs"},
 {0,NULL}
index 891cd1f..4133c43 100644 (file)
@@ -4003,6 +4003,11 @@ tls1_process_heartbeat(SSL *s)
                 * payload, plus padding
                 */
                buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+               if (buffer == NULL)
+                       {
+                       SSLerr(SSL_F_TLS1_PROCESS_HEARTBEAT,ERR_R_MALLOC_FAILURE);
+                       return -1;
+                       }
                bp = buffer;
                
                /* Enter response type, length and copy payload */