possible NULL ptr bug of openssl 1.0.0 stable 20091026

Zhongxing Xu Mon, 26 Oct 2009 01:15:27 -0700

openssl-1.0.0-stable-SNAP-20091026/ssl/t1_lib.c:657

case TLSEXT_NAMETYPE_host_name:
                                        if (s->session->tlsext_hostname == NULL)
                                                {
                                                if (len > 
TLSEXT_MAXLEN_host_name ||
                                                        
((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
                                                        {
                                                        *al = 
TLS1_AD_UNRECOGNIZED_NAME;
                                                        return 0;
                                                        }
                                                
memcpy(s->session->tlsext_hostname, sdata, len);


s->session->tlsext_hostname might be NULL. memcpy() cannot take NULL
as dest pointer.

-Zhongxing Xu
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]

possible NULL ptr bug of openssl 1.0.0 stable 20091026

Reply via email to