Handle failures in ssl3_finish_mac.
It may fail because the BIO_write to the memory BIO can allocate.
Unfortunately, this bubbles up pretty far now that we've moved the handshake
hash to ssl3_set_handshake_header.
Change-Id: I58884347a4456bb974ac4783078131522167e29d
Reviewed-on: https://boringssl-review.googlesource.com/3483
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index c6c2b42..f70cfcb 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -724,7 +724,9 @@
}
l = p - d;
- ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l);
+ if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l)) {
+ goto err;
+ }
s->state = SSL3_ST_CW_CLNT_HELLO_B;
}
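Review bot: Nothing in this change makes the compiler enforce the new return value of `ssl_set_handshake_header`; the call sites are converted by hand. A caller that still ignores the result would compile silently and presumably carry on with a handshake hash that is missing a message. Consider annotating the declaration (not in this hunk) with `__attribute__((warn_unused_result))` or the project's equivalent macro, so an unchecked call is flagged at build time. This applies equally to the call sites in the other hunks of this file. The enclosing function starts and ends outside the hunk, so what the `err` label does cannot be confirmed from here.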
@@ -2001,7 +2003,9 @@
/* The message must be added to the finished hash before calculating the
* master secret. */
- ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n);
+ if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_KEY_EXCHANGE, n)) {
+ goto err;
+ }
s->state = SSL3_ST_CW_KEY_EXCH_B;
s->session->master_key_length = s->enc_method->generate_master_secret(
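Review bot: The new `goto err` after the SSL3_MT_CLIENT_KEY_EXCHANGE call is taken once the key exchange message has been built but before `generate_master_secret` runs, so premaster key material is presumably still live in a local buffer on this path. The `err` label is outside the hunk; confirm that it wipes the buffer before releasing it (`OPENSSL_cleanse` followed by `OPENSSL_free`) rather than only freeing it, since this exit did not exist before the change. A short comment at the branch, such as `/* err wipes and frees the premaster secret. */`, would record that for later readers.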
@@ -2097,7 +2101,9 @@
s2n(signature_length, p);
n += signature_length + 2;
- ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n);
+ if (!ssl_set_handshake_header(s, SSL3_MT_CERTIFICATE_VERIFY, n)) {
+ goto err;
+ }
s->state = SSL3_ST_CW_CERT_VRFY_B;
}
@@ -2286,7 +2292,9 @@
memset(p, 0, padding_len);
p += padding_len;
- ssl_set_handshake_header(s, SSL3_MT_NEXT_PROTO, p - d);
+ if (!ssl_set_handshake_header(s, SSL3_MT_NEXT_PROTO, p - d)) {
+ return -1;
+ }
s->state = SSL3_ST_CW_NEXT_PROTO_B;
}
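Review bot: This failure branch uses `return -1;` while the other four call sites changed in this file use `goto err;`. That is correct only if the function holds nothing that needs releasing at this point and has no cleanup label. The function body begins outside the hunk, so neither can be checked from here. If a cleanup label exists, the branch should read `goto err;` like the others. If not, a one-line comment such as `/* Nothing to release on this path. */` would show the difference is deliberate.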
@@ -2397,8 +2405,10 @@
goto err;
}
- ssl_set_handshake_header(s, SSL3_MT_ENCRYPTED_EXTENSIONS,
- 2 + 2 + TLSEXT_CHANNEL_ID_SIZE);
+ if (!ssl_set_handshake_header(s, SSL3_MT_ENCRYPTED_EXTENSIONS,
+ 2 + 2 + TLSEXT_CHANNEL_ID_SIZE)) {
+ goto err;
+ }
s->state = SSL3_ST_CW_CHANNEL_ID_B;
ret = ssl_do_write(s);