From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Mon, 23 Aug 2021 09:11:29 +0000 (+0200)
Subject: Avoid using undefined value in generate_stateless_cookie_callback
X-Git-Tag: openssl-3.0.0~68
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=06447b58b234be050d405c6c75bfc987c6dcfdf9;p=thirdparty%2Fopenssl.git

Avoid using undefined value in generate_stateless_cookie_callback

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16384)
---

diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 245bae6249d..c9a611aa3aa 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -823,7 +823,8 @@ int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
     size_t temp = 0;
     int res = generate_stateless_cookie_callback(ssl, cookie, &temp);
 
-    *cookie_len = (unsigned int)temp;
+    if (res != 0)
+        *cookie_len = (unsigned int)temp;
     return res;
 }