- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the

allocation of the memory BIO was not being properly checked.
2009-03-08 22:56:55 +00:00 · 2009-03-08 22:56:55 +00:00 · f4e8c406bb
commit f4e8c406bb
parent 12bfcb501c
3 changed files with 7 additions and 0 deletions
--- a/3
+++ b/3
@ -7,6 +7,9 @@
                                  Changelog

 Daniel Stenberg (8 Mar 2009)
+- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the
+  allocation of the memory BIO was not being properly checked.
+
 - Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
  in the gnutls code where we were checking for negative values for errors,
  when the man pages state that GNUTLS_E_SUCCESS is returned on success and
--- a/1
+++ b/1
@ -16,6 +16,7 @@ This release includes the following bugfixes:

 o NTLM authentication memory leak on SSPI enabled Windows builds
 o fixed the GnuTLS-using code to do correct return code checks
+ o an alloc-related call in the OpenSSL-using code didn't check the return value

 This release includes the following known bugs:

--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@ -565,6 +565,9 @@ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
  BUF_MEM *biomem;
  int rc;

+  if(!bio_out)
+    return 1; /* alloc failed! */
+
  rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_CPLUS_SPC);
  BIO_get_mem_ptr(bio_out, &biomem);