Bug 1247688 - Fix possible NULL deref in tls13_HkdfExpandLabelRaw() r=franziskus

author: Tim Taubert <ttaubert@mozilla.com> 2016-02-24 11:05:02 +0100
committer: Tim Taubert <ttaubert@mozilla.com> 2016-02-24 11:05:02 +0100
commit: 305744fcc4181d7c84cbc1ebb550e84d34035c65 (patch)
tree: bb245cd70391443603481bb40fb7e53caafa3c53
parent: 2f086b5398a77b7ae58dd7de51dbcf04580b3f97 (diff)
download: nss-hg-305744fcc4181d7c84cbc1ebb550e84d34035c65.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/ssl/tls13hkdf.c b/lib/ssl/tls13hkdf.c
index 637970b14..e3dfe8c62 100644
--- a/lib/ssl/tls13hkdf.c
+++ b/lib/ssl/tls13hkdf.c
@@ -185,6 +185,10 @@ tls13_HkdfExpandLabelRaw(PK11SymKey *prk, SSLHashType baseHash,
                                label, labelLen,
                                kTlsHkdfInfo[baseHash].pkcs11Mech, outputLen,
                                &derived);
+    if (rv != SECSuccess || !derived) {
+        goto abort;
+    }
+
     rv = PK11_ExtractKeyValue(derived);
     if (rv != SECSuccess) {
         goto abort;
author	Tim Taubert <ttaubert@mozilla.com>	2016-02-24 11:05:02 +0100
committer	Tim Taubert <ttaubert@mozilla.com>	2016-02-24 11:05:02 +0100
commit	305744fcc4181d7c84cbc1ebb550e84d34035c65 (patch)
tree	bb245cd70391443603481bb40fb7e53caafa3c53
parent	2f086b5398a77b7ae58dd7de51dbcf04580b3f97 (diff)
download	nss-hg-305744fcc4181d7c84cbc1ebb550e84d34035c65.tar.gz