Fix a couple more malloc test crashes.

The ex_data index may fail to be allocated. Also don't leave a dangling pointer
in handshake_dgst if EVP_DigestInit_ex fails and check a few more init function
failures.

Change-Id: I2e99a89b2171c9d73ccc925a2f35651af34ac5fb
Reviewed-on: https://boringssl-review.googlesource.com/2342
Reviewed-by: Adam Langley <agl@google.com>

1 files changed, 3 insertions, 1 deletions

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 2474934a..393db773 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -300,7 +300,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
 
 	memcpy(mac_secret,ms,i);
 
-	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
+	if (!EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)))
+		goto err2;
 
 #ifdef OPENSSL_SSL_TRACE_CRYPTO
 	if (s->msg_callback)
@@ -561,6 +562,7 @@ int ssl3_digest_cached_records(SSL *s, enum should_free_handshake_buffer_t shoul
 			if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL))
 				{
 				EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
+				s->s3->handshake_dgst[i] = NULL;
 				OPENSSL_PUT_ERROR(SSL, ssl3_digest_cached_records, ERR_LIB_EVP);
 				return 0;
 				}