Date:      Sun, 14 Nov 2010 09:33:47 +0000 (UTC)
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r215288 - head/crypto/openssl/ssl
Message-ID:  <201011140933.oAE9Xlxl076727@svn.freebsd.org>

Author: simon
Date: Sun Nov 14 09:33:47 2010
New Revision: 215288
URL: http://svn.freebsd.org/changeset/base/215288

Log:
  Fix double-free in OpenSSL's SSL ECDH code.
  
  It has yet to be determined if this warrants a FreeBSD Security
  Advisory, but we might as well get it fixed in the normal branches.
  
  Obtained from:	OpenSSL CVS
  Security:	CVE-2010-2939
  X-MFC after:	Not long...

Modified:
  head/crypto/openssl/ssl/s3_clnt.c

Modified: head/crypto/openssl/ssl/s3_clnt.c
==============================================================================
--- head/crypto/openssl/ssl/s3_clnt.c	Sun Nov 14 09:14:17 2010	(r215287)
+++ head/crypto/openssl/ssl/s3_clnt.c	Sun Nov 14 09:33:47 2010	(r215288)
@@ -1377,6 +1377,7 @@ int ssl3_get_key_exchange(SSL *s)
 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
 		ecdh=NULL;
 		BN_CTX_free(bn_ctx);
+		bn_ctx = NULL;
 		EC_POINT_free(srvr_ecpoint);
 		srvr_ecpoint = NULL;
 		}
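
Review bot: The added bn_ctx = NULL; after BN_CTX_free(bn_ctx); clears the dangling pointer at this spot, but neither the hunk nor the log says which later path frees bn_ctx a second time; a short comment here, or a sentence in the log naming that path, would let a reader confirm the double-free is actually closed. The new line follows the same free-then-NULL pattern as EC_POINT_free(srvr_ecpoint); srvr_ecpoint = NULL; directly below it, so it is worth checking that every other pointer freed inside ssl3_get_key_exchange before a shared cleanup path gets the same treatment.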


