From: Kevin McCarthy <kevin@8t8.us>
Date: Mon, 11 Apr 2016 02:10:17 +0000 (-0700)
Subject: Check for SSL_CTX_new returning NULL in ssl_sock_open().  (closes #3831)
X-Git-Tag: neomutt-20160822~178
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bc03749639f16f7a4a5adc7a820b2b40faa68623;p=neomutt

Check for SSL_CTX_new returning NULL in ssl_sock_open().  (closes #3831)

Thanks to Yuan Kang and the security researchers at Columbia
University and the University of Virginia for reporting the bug.
---

diff --git a/mutt_ssl.c b/mutt_ssl.c
index a6cdd10f0..da5efa8ba 100644
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -334,7 +334,11 @@ static int ssl_socket_open (CONNECTION * conn)
   data = (sslsockdata *) safe_calloc (1, sizeof (sslsockdata));
   conn->sockdata = data;
 
-  data->ctx = SSL_CTX_new (SSLv23_client_method ());
+  if (! (data->ctx = SSL_CTX_new (SSLv23_client_method ())))
+  {
+    mutt_socket_close (conn);
+    return -1;
+  }
 
   /* disable SSL protocols as needed */
   if (!option(OPTTLSV1))