wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix a NULL ptr deref in error path in tls_process_cke_dhe()

Browse source 
Fixes #6574

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6593)
This commit is contained in:
Matt Caswell 2018-06-26 15:40:54 +01:00
parent 5281bb2252
commit b6ff436fcb
1 changed files with 3 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
ssl/statem/statem_srvr.c
View file

@ -3129,14 +3129,13 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
SSL_R_BN_LIB);
goto err;
}
cdh = EVP_PKEY_get0_DH(ckey);
pub_key = BN_bin2bn(data, i, NULL);
if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
if (pub_key == NULL || cdh == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
ERR_R_INTERNAL_ERROR);
if (pub_key != NULL)
BN_free(pub_key);
BN_free(pub_key);
goto err;
}