diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-10-10 12:27:19 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-10-10 12:27:19 +0000 |
commit | 3fa29765fd654361f9070502139c31c40595ef7b (patch) | |
tree | d7f7ff2e6fc2bb64307f6498a67c371904308174 | |
parent | b9e468c163b5a3f902b5cef5c923b369b2ae4fed (diff) | |
download | openssl-3fa29765fd654361f9070502139c31c40595ef7b.tar.gz |
PR: 2314
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve
Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | ssl/s3_clnt.c | 1 |
2 files changed, 4 insertions, 0 deletions
@@ -893,6 +893,9 @@ Changes between 0.9.8o and 0.9.8p [xx XXX xxxx] + *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 + [Steve Henson] + *) Don't reencode certificate when calculating signature: cache and use the original encoding instead. This makes signature verification of some broken encodings work correctly. diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 99b2f49284..8b74e9f53e 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1509,6 +1509,7 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert->peer_ecdh_tmp=ecdh; ecdh=NULL; BN_CTX_free(bn_ctx); + bn_ctx = NULL; EC_POINT_free(srvr_ecpoint); srvr_ecpoint = NULL; } |