tls1_heartbeat: check for NULL after allocating buf

[openssl.git] / ssl / t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 86c06e2ba83929e97004bf8a1f69933134a2a9af..8d5fd12903c2b83c151c88f2ad88e105742bcf41 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3599,10 +3599,8 @@ static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg)
 const EVP_MD *tls12_get_hash(unsigned char hash_alg)
        {
        const tls12_hash_info *inf;
-#ifndef OPENSSL_FIPS
        if (hash_alg == TLSEXT_hash_md5 && FIPS_mode())
                return NULL;
-#endif
        inf = tls12_get_hash_info(hash_alg);
        if (!inf || !inf->mfunc)
                return NULL; 
@@ -4005,6 +4003,11 @@ tls1_process_heartbeat(SSL *s)
                 * payload, plus padding
                 */
                buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+               if (buffer == NULL)
+                       {
+                       SSLerr(SSL_F_TLS1_PROCESS_HEARTBEAT,ERR_R_MALLOC_FAILURE);
+                       return -1;
+                       }
                bp = buffer;
                
                /* Enter response type, length and copy payload */
@@ -4091,6 +4094,11 @@ tls1_heartbeat(SSL *s)
         *  - Padding
         */
        buf = OPENSSL_malloc(1 + 2 + payload + padding);
+       if (buf == NULL)
+               {
+               SSLerr(SSL_F_TLS1_HEARTBEAT,ERR_R_MALLOC_FAILURE);
+               return -1;
+               }
        p = buf;
        /* Message Type */
        *p++ = TLS1_HB_REQUEST;