- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the

  allocation of the memory BIO was not being properly checked.

diff --git a/CHANGES b/CHANGES
index fef130a056734d5f895b34cc8b7c0b48cd33e12b..f6bfb7988e9bb7c67a85cfd643f5626122f12d74 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,9 @@
                                   Changelog
 
 Daniel Stenberg (8 Mar 2009)
+- Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the
+  allocation of the memory BIO was not being properly checked.
+
 - Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
   in the gnutls code where we were checking for negative values for errors,
   when the man pages state that GNUTLS_E_SUCCESS is returned on success and

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index f0fbefacd5e95de02326a2a6e64149f8ea3dd19b..3dbc5bece8c716664950e1cda1804a615c2a3ec3 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -16,6 +16,7 @@ This release includes the following bugfixes:
 
  o NTLM authentication memory leak on SSPI enabled Windows builds
  o fixed the GnuTLS-using code to do correct return code checks
+ o an alloc-related call in the OpenSSL-using code didn't check the return value
 
 This release includes the following known bugs:
 

diff --git a/lib/ssluse.c b/lib/ssluse.c
index cb2a2163d8dc336a7a6920e1ee8705e29b4133df..eb645d5e7e8713ff947bde8c2e21f797ae9fcc03 100644 (file)
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -565,6 +565,9 @@ static int x509_name_oneline(X509_NAME *a, char *buf, size_t size)
   BUF_MEM *biomem;
   int rc;
 
+  if(!bio_out)
+    return 1; /* alloc failed! */
+
   rc = X509_NAME_print_ex(bio_out, a, 0, XN_FLAG_SEP_CPLUS_SPC);
   BIO_get_mem_ptr(bio_out, &biomem);