generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

cleanse psk_identity on error

Browse Source 
Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-07-28 16:13:29 +01:00
parent a784665e52
commit 3df16cc2e2
1 changed files with 6 additions and 2 deletions

8
ssl/s3_clnt.c

@ -2391,8 +2391,10 @@ int ssl3_send_client_key_exchange(SSL *s)
s->s3->tmp.psk = BUF_memdup(psk, psklen); s->s3->tmp.psk = BUF_memdup(psk, psklen);
OPENSSL_cleanse(psk, psklen); OPENSSL_cleanse(psk, psklen);
if (s->s3->tmp.psk == NULL) if (s->s3->tmp.psk == NULL) {
OPENSSL_cleanse(identity, sizeof(identity));
goto memerr; goto memerr;
}
s->s3->tmp.psklen = psklen; s->s3->tmp.psklen = psklen;
@ -2404,8 +2406,10 @@ int ssl3_send_client_key_exchange(SSL *s)
} }
OPENSSL_free(s->session->psk_identity); OPENSSL_free(s->session->psk_identity);
s->session->psk_identity = BUF_strdup(identity); s->session->psk_identity = BUF_strdup(identity);
if (s->session->psk_identity == NULL) if (s->session->psk_identity == NULL) {
OPENSSL_cleanse(identity, sizeof(identity));
goto memerr; goto memerr;
}
s2n(identitylen, p); s2n(identitylen, p);
memcpy(p, identity, identitylen); memcpy(p, identity, identitylen);