Date: Sun, 14 Nov 2010 09:33:47 +0000 (UTC)
From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r215288 - head/crypto/openssl/ssl
Message-ID: <201011140933.oAE9Xlxl076727@svn.freebsd.org>
Author: simon Date: Sun Nov 14 09:33:47 2010 New Revision: 215288 URL: http://svn.freebsd.org/changeset/base/215288 Log: Fix double-free in OpenSSL's SSL ECDH code. It has yet to be determined if this warrants a FreeBSD Security Advisory, but we might as well get it fixed in the normal branches. Obtained from: OpenSSL CVS Security: CVE-2010-2939 X-MFC after: Not long... Modified: head/crypto/openssl/ssl/s3_clnt.c Modified: head/crypto/openssl/ssl/s3_clnt.c ============================================================================== --- head/crypto/openssl/ssl/s3_clnt.c Sun Nov 14 09:14:17 2010 (r215287) +++ head/crypto/openssl/ssl/s3_clnt.c Sun Nov 14 09:33:47 2010 (r215288) @@ -1377,6 +1377,7 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert->peer_ecdh_tmp=ecdh; ecdh=NULL; BN_CTX_free(bn_ctx); + bn_ctx = NULL; EC_POINT_free(srvr_ecpoint); srvr_ecpoint = NULL; }
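Review bot: Neither the log message nor the hunk says where the second free of bn_ctx happens. The only free visible in ssl3_get_key_exchange is the `BN_CTX_free(bn_ctx);` directly above the added `bn_ctx = NULL;`. A one-line comment at that spot, or a sentence in the log, naming the later path that frees bn_ctx again would let a reader confirm the fix without opening the whole function. With this change bn_ctx is handled the same way as its neighbours in this block (`ecdh=NULL;` after ownership moves to peer_ecdh_tmp, `srvr_ecpoint = NULL;` after `EC_POINT_free`), so it is worth checking the other frees of these locals elsewhere in the function for the same free-then-NULL treatment before merging to the stable branches.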