diff --git a/ChangeLog b/ChangeLog
index 13f4e5a95..8fd198d4b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -39,6 +39,9 @@ Bugfix
 Alex Wilson.)
 * ssl_init() was leaving a dirty pointer in ssl_context if malloc of
 out_ctr failed
+ * ssl_handshake_init() was leaving dirty pointers in subcontexts if malloc
+ of one of them failed
+

 = Version 1.2.10 released 2013-10-07
 Changes
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4704b4416..95ee96710 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2959,17 +2959,29 @@ int ssl_handshake_init( ssl_context *ssl )
 if( ssl->transform_negotiate )
 ssl_transform_free( ssl->transform_negotiate );
 else
+ {
 ssl->transform_negotiate = malloc( sizeof(ssl_transform) );
+ if( ssl->transform_negotiate != NULL )
+ memset( ssl->transform_negotiate, 0, sizeof(ssl_transform) );
+ }

 if( ssl->session_negotiate )
 ssl_session_free( ssl->session_negotiate );
 else
+ {
 ssl->session_negotiate = malloc( sizeof(ssl_session) );
+ if( ssl->session_negotiate != NULL )
+ memset( ssl->session_negotiate, 0, sizeof(ssl_session) );
+ }

 if( ssl->handshake )
 ssl_handshake_free( ssl->handshake );
 else
+ {
 ssl->handshake = malloc( sizeof(ssl_handshake_params) );
+ if( ssl->handshake != NULL )
+ memset( ssl->handshake, 0, sizeof(ssl_handshake_params) );
+ }

 if( ssl->handshake == NULL ||
 ssl->transform_negotiate == NULL ||
@@ -2979,10 +2991,6 @@ int ssl_handshake_init( ssl_context *ssl )
 return( POLARSSL_ERR_SSL_MALLOC_FAILED );
 }

- memset( ssl->handshake, 0, sizeof(ssl_handshake_params) );
- memset( ssl->transform_negotiate, 0, sizeof(ssl_transform) );
- memset( ssl->session_negotiate, 0, sizeof(ssl_session) );
-
 md5_starts( &ssl->handshake->fin_md5 );
 sha1_starts( &ssl->handshake->fin_sha1 );
 sha2_starts( &ssl->handshake->fin_sha2, 0 );
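Review bot: The reuse branches in the first library/ssl_tls.c hunk (`if( ssl->transform_negotiate ) ssl_transform_free( ... )` and its session and handshake counterparts) are no longer zeroed by this function, because the unconditional memset() calls are removed in the following hunk. A repeated ssl_handshake_init() therefore starts from clean state only if each `*_free()` helper wipes the struct it is handed; those helpers are outside this diff, so that should be confirmed. If they do, a comment above the first block such as `/* *_free() leaves a reused subcontext zeroed; fresh allocations are zeroed below */` would record the dependency. As far as the visible lines show, the NULL check still returns POLARSSL_ERR_SSL_MALLOC_FAILED with the successfully allocated subcontexts attached to `ssl`, so the caller presumably has to release them (via ssl_free() or similar) on that path. The body of ssl_handshake_init() starts and ends outside both hunks.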