From owner-svn-src-head@FreeBSD.ORG  Sun Nov 14 09:33:47 2010
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A9FA0106566C;
	Sun, 14 Nov 2010 09:33:47 +0000 (UTC)
	(envelope-from simon@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 9881B8FC08;
	Sun, 14 Nov 2010 09:33:47 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id oAE9Xl4M076729;
	Sun, 14 Nov 2010 09:33:47 GMT (envelope-from simon@svn.freebsd.org)
Received: (from simon@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id oAE9Xlxl076727;
	Sun, 14 Nov 2010 09:33:47 GMT (envelope-from simon@svn.freebsd.org)
Message-Id: <201011140933.oAE9Xlxl076727@svn.freebsd.org>
From: "Simon L. Nielsen" <simon@FreeBSD.org>
Date: Sun, 14 Nov 2010 09:33:47 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r215288 - head/crypto/openssl/ssl
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Nov 2010 09:33:47 -0000

Author: simon
Date: Sun Nov 14 09:33:47 2010
New Revision: 215288
URL: http://svn.freebsd.org/changeset/base/215288

Log:
  Fix double-free in OpenSSL's SSL ECDH code.
  
  It has yet to be determined if this warrants a FreeBSD Security
  Advisory, but we might as well get it fixed in the normal branches.
  
  Obtained from:	OpenSSL CVS
  Security:	CVE-2010-2939
  X-MFC after:	Not long...

Modified:
  head/crypto/openssl/ssl/s3_clnt.c

Modified: head/crypto/openssl/ssl/s3_clnt.c
==============================================================================
--- head/crypto/openssl/ssl/s3_clnt.c	Sun Nov 14 09:14:17 2010	(r215287)
+++ head/crypto/openssl/ssl/s3_clnt.c	Sun Nov 14 09:33:47 2010	(r215288)
@@ -1377,6 +1377,7 @@ int ssl3_get_key_exchange(SSL *s)
 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
 		ecdh=NULL;
 		BN_CTX_free(bn_ctx);
+		bn_ctx = NULL;
 		EC_POINT_free(srvr_ecpoint);
 		srvr_ecpoint = NULL;
 		}