PR: 2314
authorDr. Stephen Henson <steve@openssl.org>
Sun, 10 Oct 2010 12:27:19 +0000 (12:27 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 10 Oct 2010 12:27:19 +0000 (12:27 +0000)
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939

CHANGES
ssl/s3_clnt.c

diff --git a/CHANGES b/CHANGES
index 4d78343..ae47318 100644 (file)
--- a/CHANGES
+++ b/CHANGES
   
  Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
 
+  *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
+     [Steve Henson]
+
   *) Don't reencode certificate when calculating signature: cache and use
      the original encoding instead. This makes signature verification of
      some broken encodings work correctly.
index 99b2f49..8b74e9f 100644 (file)
@@ -1509,6 +1509,7 @@ int ssl3_get_key_exchange(SSL *s)
                s->session->sess_cert->peer_ecdh_tmp=ecdh;
                ecdh=NULL;
                BN_CTX_free(bn_ctx);
+               bn_ctx = NULL;
                EC_POINT_free(srvr_ecpoint);
                srvr_ecpoint = NULL;
                }