generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

PR: 2009

Browse Source 
Submitted by: "Alexei Khlebnikov" <alexei.khlebnikov@opera.com>
Approved by: steve@openssl.org

Avoid memory leak and fix error reporting in d2i_SSL_SESSION(). NB: although
the ticket mentions buffer overruns this isn't a security issue because
the SSL_SESSION structure is generated internally and it should never be
possible to supply its contents from an untrusted application (this would
among other things destroy session cache security).
This commit is contained in:
Dr. Stephen Henson 2009-09-02 13:20:32 +00:00
parent 70dc09ebe4
commit 3d9b105fe0
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ssl/ssl_asn1.c
View File

@ -413,8 +413,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
}
else
{
SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
return(NULL);
c.error=SSL_R_UNKNOWN_SSL_VERSION;
goto err;
}
ret->cipher=NULL;
@ -505,8 +505,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
{
if (os.length > SSL_MAX_SID_CTX_LENGTH)
{
ret->sid_ctx_length=os.length;
SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
c.error=SSL_R_BAD_LENGTH;
goto err;
}
else
{