Fix ssl3_send_new_session_ticket error-handling. If there is a malloc failure while assembling the ticket, call CBB_cleanup. Also return -1 instead of 0; zero means EOF in the old state machine and -1 means error. (Except enough of the stack gets it wrong that consumers handle both, but we should fix this.) Change-Id: I98541a9fa12772ec159f9992d1f9f53e5ca4cc5a Reviewed-on: https://boringssl-review.googlesource.com/12104 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>

commit: e75cc2766ca8e6d8a9378171f56d2d71882d7da9 [log] [tgz]
author: David Benjamin <davidben@google.com> Thu Nov 03 18:06:27 2016 -0400
committer: Adam Langley <agl@google.com> Tue Nov 08 23:03:06 2016 +0000
tree: 43cd343369489dec0ed809bde31aaa9b5f85e7b6
parent: 0a011fc49fa15aa2cd1443bf512ef87958b34a43 [diff]
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index d17e659..14229cb 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c

@@ -1840,7 +1840,8 @@
                                             ? ssl->session
                                             : ssl->s3->new_session) ||
       !ssl->method->finish_message(ssl, &cbb)) {
-    return 0;
+    CBB_cleanup(&cbb);
+    return -1;
   }
 
   ssl->state = SSL3_ST_SW_SESSION_TICKET_B;
commit	e75cc2766ca8e6d8a9378171f56d2d71882d7da9	[log] [tgz]
author	David Benjamin <davidben@google.com>	Thu Nov 03 18:06:27 2016 -0400
committer	Adam Langley <agl@google.com>	Tue Nov 08 23:03:06 2016 +0000
tree	43cd343369489dec0ed809bde31aaa9b5f85e7b6
parent	0a011fc49fa15aa2cd1443bf512ef87958b34a43 [diff]