Add a missing check on s->s3->tmp.pkey
authorMansour Ahmadi <m.ahmadi@northeastern.edu>
Mon, 15 Oct 2018 19:11:24 +0000 (15:11 -0400)
committerMatt Caswell <matt@openssl.org>
Wed, 17 Oct 2018 08:29:50 +0000 (09:29 +0100)
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7405)

(cherry picked from commit 61bef9bde09dc6099a7c59baa79898e3b003fec3)

ssl/statem/statem_srvr.c

index 95f83c8..ac5fd09 100644 (file)
@@ -3224,6 +3224,12 @@ static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt)
                      SSL_R_LENGTH_MISMATCH);
             goto err;
         }
+        if (skey == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                     SSL_R_MISSING_TMP_ECDH_KEY);
+            goto err;
+        }
+
         ckey = EVP_PKEY_new();
         if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,