Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
Dr. Stephen Henson 2010-10-10 12:33:10 +00:00
parent 0ef9b9c7bf
commit 9c2d0cd11c
2 changed files with 4 additions and 0 deletions

@ -857,6 +857,9 @@
Changes between 0.9.8o and 0.9.8p [xx XXX xxxx] Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
*) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
[Steve Henson]
*) Don't reencode certificate when calculating signature: cache and use *) Don't reencode certificate when calculating signature: cache and use
the original encoding instead. This makes signature verification of the original encoding instead. This makes signature verification of
some broken encodings work correctly. some broken encodings work correctly.
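
Review bot: The new CHANGES entry credits only [Steve Henson], while the commit message lists Mounir IDRASSI as the submitter; add the submitter to the attribution line. The entry also names only the file, ssl/s3_clnt.c; naming the affected function, ssl3_get_key_exchange, would tell readers which client code path the CVE-2010-2939 fix touches.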

@ -1508,6 +1508,7 @@ int ssl3_get_key_exchange(SSL *s)
s->session->sess_cert->peer_ecdh_tmp=ecdh; s->session->sess_cert->peer_ecdh_tmp=ecdh;
ecdh=NULL; ecdh=NULL;
BN_CTX_free(bn_ctx); BN_CTX_free(bn_ctx);
bn_ctx = NULL;
EC_POINT_free(srvr_ecpoint); EC_POINT_free(srvr_ecpoint);
srvr_ecpoint = NULL; srvr_ecpoint = NULL;
} }
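
Review bot: The added `bn_ctx = NULL;` after `BN_CTX_free(bn_ctx);` carries no comment saying which later free it guards against, and that second free lies outside this hunk, so the fix cannot be confirmed from these lines alone. A one-line comment stating that the pointer is cleared because the function's cleanup code may free it again would keep the assignment from being removed as redundant later. The same free-then-clear pairing is already used for `srvr_ecpoint` on the next two lines; please check every other `BN_CTX_free(bn_ctx)` and `EC_POINT_free(srvr_ecpoint)` call in ssl3_get_key_exchange for it as well, since only this one site is shown.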