generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ensure that memory allocated for the ticket is freed

Browse Source 
If a call to EVP_DecryptUpdate fails then a memory leak could occur.
Ensure that the memory is freed appropriately.

Issue reported by Guido Vranken.

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Matt Caswell 2016-03-15 11:38:56 +00:00
parent 4161523ecd
commit d31b25138f
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/t1_lib.c
View File

@ -2321,8 +2321,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
sdec = OPENSSL_malloc(eticklen); sdec = OPENSSL_malloc(eticklen);
if (!sdec || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) { if (sdec == NULL
|| EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) {
EVP_CIPHER_CTX_cleanup(&ctx); EVP_CIPHER_CTX_cleanup(&ctx);
OPENSSL_free(sdec);
return -1; return -1;
} }
if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) { if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {