X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs2_enc.c;h=1f62acd5b1e6fb1199c350ffe2452e8c51689a7b;hp=690252e3d312fbd65bafca9d4db7b1e5823b5e4b;hb=ccae144d62e8de651d7398d27a3a56e6402ea892;hpb=5574e0ed417c9a09487a270fec3df34d3094f5c6

diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c
index 690252e3d3..1f62acd5b1 100644
--- a/ssl/s2_enc.c
+++ b/ssl/s2_enc.c
@@ -82,23 +82,28 @@ int ssl2_enc_init(SSL *s, int client)
 		((s->enc_read_ctx=(EVP_CIPHER_CTX *)
 		OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
 		goto err;
+
+	/* make sure it's intialized in case the malloc for enc_write_ctx fails
+	 * and we exit with an error */
+	rs= s->enc_read_ctx;
+	EVP_CIPHER_CTX_init(rs);
+
 	if ((s->enc_write_ctx == NULL) &&
 		((s->enc_write_ctx=(EVP_CIPHER_CTX *)
 		OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
 		goto err;
 
-	rs= s->enc_read_ctx;
 	ws= s->enc_write_ctx;
-
-	EVP_CIPHER_CTX_init(rs);
 	EVP_CIPHER_CTX_init(ws);
 
 	num=c->key_len;
 	s->s2->key_material_length=num*2;
+	OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
 
 	if (ssl2_generate_key_material(s) <= 0)
 		return 0;
 
+	OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg));
 	EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
 		s->session->key_arg);
 	EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),