In case of malloc error, the buffer is not tested here
In ssl/d1_both.c
int
dtls1_process_heartbeat(SSL s)
{
.....
/ Allocate memory for the response, size is 1 byte
* message type, plus 2 bytes payload length, plus
* payload, plus padding
*/
buffer = OPENSSL_malloc(write_length);
bp = buffer;
/* Enter response type, length and copy payload */
*bp++ = TLS1_HB_RESPONSE;
Here neither
In ssl/d1_both.c
int
dtls1_heartbeat(SSL s)
{
.......
buf = OPENSSL_malloc(1 + 2 + payload + padding);
p = buf;
/ Message Type */
*p++ = TLS1_HB_REQUEST;
Here neither in ssl/s3_enc.c
int ssl3_digest_cached_records(SSL *s)
{
....
Here neither in ssl/ssl_ciph.c
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
.....
comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
comp->id=id;
Here neither in ssl/ssl_sess.c
int SSL_set_session(SSL *s, SSL_SESSION *session)
{
....
s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
session->krb5_client_princ_len);
In version openssl-1.0.h
In case of malloc error, the buffer is not tested here
In ssl/d1_both.c
int
dtls1_process_heartbeat(SSL s)
{
.....
/ Allocate memory for the response, size is 1 byte
* message type, plus 2 bytes payload length, plus
* payload, plus padding
*/
buffer = OPENSSL_malloc(write_length);
bp = buffer;
Here neither
In ssl/d1_both.c
int
dtls1_heartbeat(SSL s)
{
.......
buf = OPENSSL_malloc(1 + 2 + payload + padding);
p = buf;
/ Message Type */
*p++ = TLS1_HB_REQUEST;
Here neither in ssl/s3_enc.c
int ssl3_digest_cached_records(SSL *s)
{
....
Here neither in ssl/ssl_ciph.c
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
.....
comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
comp->id=id;
Here neither in ssl/ssl_sess.c
int SSL_set_session(SSL *s, SSL_SESSION *session)
{
....
s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
session->krb5_client_princ_len);