The function ssl_get_min_max_version() can fail We should always check the return code. This fixes a coverity issue. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5308)

commit: 1d0c08b4963f5f7e1d1855e360417a11973d8455 [log] [tgz]
author: Matt Caswell <matt@openssl.org> Fri Feb 09 18:03:08 2018 +0000
committer: Matt Caswell <matt@openssl.org> Mon Feb 12 10:06:39 2018 +0000
tree: d7b74082b737242ebba6ebc167d7e1f1e2797621
parent: 7e70213fe3c79461ad3d776a8de1a5beff4bea78 [diff] [blame]
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index f224da6..d770706 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c

@@ -3650,8 +3650,13 @@
     int i;
     size_t totlen = 0, len, maxlen, maxverok = 0;
     int empty_reneg_info_scsv = !s->renegotiate;
+
     /* Set disabled masks for this session */
-    ssl_set_client_disabled(s);
+    if (!ssl_set_client_disabled(s)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
+                 SSL_R_NO_PROTOCOLS_AVAILABLE);
+        return 0;
+    }
 
     if (sk == NULL) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
commit	1d0c08b4963f5f7e1d1855e360417a11973d8455	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Fri Feb 09 18:03:08 2018 +0000
committer	Matt Caswell <matt@openssl.org>	Mon Feb 12 10:06:39 2018 +0000
tree	d7b74082b737242ebba6ebc167d7e1f1e2797621
parent	7e70213fe3c79461ad3d776a8de1a5beff4bea78 [diff] [blame]