Fix double-frees on malloc failure in ssl3_get_client_key_exchange.
If generating the master secret or applying the PSK post-processing fails,
we'll double-free all the ECDH state.
Change-Id: Id52931af73bdef5eceb06f7e64d32fdda629521e
Reviewed-on: https://boringssl-review.googlesource.com/2063
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 7240211..a212efe 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2141,9 +2141,13 @@
}
EVP_PKEY_free(clnt_pub_pkey);
+ clnt_pub_pkey = NULL;
EC_POINT_free(clnt_ecpoint);
+ clnt_ecpoint = NULL;
EC_KEY_free(srvr_ecdh);
+ srvr_ecdh = NULL;
BN_CTX_free(bn_ctx);
+ bn_ctx = NULL;
EC_KEY_free(s->s3->tmp.ecdh);
s->s3->tmp.ecdh = NULL;