Date: Wed, 30 Apr 2014 04:02:36 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r265120 - head/crypto/openssl/ssl Message-ID: <201404300402.s3U42amK013846@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Wed Apr 30 04:02:36 2014 New Revision: 265120 URL: http://svnweb.freebsd.org/changeset/base/265120 Log: Fix OpenSSL use-after-free vulnerability. Obtained from: OpenBSD Security: FreeBSD-SA-14:09.openssl Security: CVE-2010-5298 Modified: head/crypto/openssl/ssl/s3_pkt.c Modified: head/crypto/openssl/ssl/s3_pkt.c ============================================================================== --- head/crypto/openssl/ssl/s3_pkt.c Wed Apr 30 04:02:32 2014 (r265119) +++ head/crypto/openssl/ssl/s3_pkt.c Wed Apr 30 04:02:36 2014 (r265120) @@ -1055,7 +1055,7 @@ start: { s->rstate=SSL_ST_READ_HEADER; rr->off=0; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) ssl3_release_read_buffer(s); } }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404300402.s3U42amK013846>