The branch OpenSSL_1_1_1-stable has been updated via 1711a62686e3d55767ba067a4fd1a18ceec69d3f (commit) from af0bab32273847c14ea7635f714466a5d497905c (commit)
- Log ----------------------------------------------------------------- commit 1711a62686e3d55767ba067a4fd1a18ceec69d3f Author: dyrock <zeyu...@gmail.com> Date: Mon Apr 15 11:01:58 2019 -0500 Check if num is 0 before trying to malloc memory. Otherwise for client hellos without extensions SSL_client_hello_get1_extensions_present will return MALLOC_FAILURE. Reviewed-by: Paul Yang <yang.y...@baishancloud.com> Reviewed-by: Ben Kaduk <ka...@mit.edu> Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8756) (cherry picked from commit 6fda11ae5a06e28fd9463e5afb60735d074904b3) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_CTX_set_client_hello_cb.pod | 2 ++ ssl/ssl_lib.c | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/doc/man3/SSL_CTX_set_client_hello_cb.pod b/doc/man3/SSL_CTX_set_client_hello_cb.pod index 6824b5b..585127d 100644 --- a/doc/man3/SSL_CTX_set_client_hello_cb.pod +++ b/doc/man3/SSL_CTX_set_client_hello_cb.pod @@ -65,6 +65,8 @@ both required, and on success the caller must release the storage allocated for B<*out> using OPENSSL_free(). The contents of B<*out> is an array of integers holding the numerical value of the TLS extension types in the order they appear in the ClientHello. B<*outlen> contains the number of elements in the array. +In situations when the ClientHello has no extensions, the function will return +success with B<*out> set to NULL and B<*outlen> set to 0. =head1 NOTES diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 4440a9f..d7e1f32 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -5070,6 +5070,11 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) if (ext->present) num++; } + if (num == 0) { + *out = NULL; + *outlen = 0; + return 1; + } if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) { SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, ERR_R_MALLOC_FAILURE);