tls1_process_heartbeat: check for NULL after allocating buffer

Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-07 17:38:51 +01:00
parent fed5b55252
commit c27dc3981c
3 changed files with 7 additions and 0 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4003,6 +4003,11 @@ tls1_process_heartbeat(SSL *s)
 		 * payload, plus padding
 		 */
 		buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+		if (buffer == NULL)
+			{
+			SSLerr(SSL_F_TLS1_PROCESS_HEARTBEAT,ERR_R_MALLOC_FAILURE);
+			return -1;
+			}
 		bp = buffer;
 		
 		/* Enter response type, length and copy payload */