Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
Dr. Stephen Henson 2010-10-10 12:27:19 +00:00
parent b9e468c163
commit 3fa29765fd
2 changed files with 4 additions and 0 deletions


@ -893,6 +893,9 @@
Changes between 0.9.8o and 0.9.8p [xx XXX xxxx] Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
*) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
[Steve Henson]
*) Don't reencode certificate when calculating signature: cache and use *) Don't reencode certificate when calculating signature: cache and use
the original encoding instead. This makes signature verification of the original encoding instead. This makes signature verification of
some broken encodings work correctly. some broken encodings work correctly.
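
Review bot: The new CHANGES entry is attributed only to [Steve Henson], while the commit message names Mounir IDRASSI as the submitter; consider crediting the submitter in the bracketed attribution. The entry also gives just the file name and the CVE id. A short clause naming the affected function (the code hunk in this commit is in ssl3_get_key_exchange) would let readers judge their exposure without looking up the CVE.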


@ -1509,6 +1509,7 @@ int ssl3_get_key_exchange(SSL *s)
s->session->sess_cert->peer_ecdh_tmp=ecdh; s->session->sess_cert->peer_ecdh_tmp=ecdh;
ecdh=NULL; ecdh=NULL;
BN_CTX_free(bn_ctx); BN_CTX_free(bn_ctx);
bn_ctx = NULL;
EC_POINT_free(srvr_ecpoint); EC_POINT_free(srvr_ecpoint);
srvr_ecpoint = NULL; srvr_ecpoint = NULL;
} }
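
Review bot: The added "bn_ctx = NULL;" after "BN_CTX_free(bn_ctx);" prevents a second free only if every later release of bn_ctx tolerates NULL, and that later release is outside the lines shown in this hunk. A one-line comment naming the cleanup path that would otherwise free the context again would make the intent clear to the next reader. Since ecdh and srvr_ecpoint are already reset to NULL in this same block, it is also worth checking the rest of the function for any other pointer that is freed mid-function without being cleared.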