From 5759425810685fc02a49d7bb3eb44eeba389b8e2 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 10 Oct 2010 12:15:47 +0000 Subject: [PATCH] PR: 2314 Submitted by: Mounir IDRASSI Reviewed by: steve Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 --- CHANGES | 3 +++ ssl/s3_clnt.c | 1 + 2 files changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 76a3793764..2944acae75 100644 --- a/CHANGES +++ b/CHANGES @@ -173,6 +173,9 @@ Changes between 0.9.8n and 1.0.0 [29 Mar 2010] + *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 + [Steve Henson] + *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher context. The operation can be customised via the ctrl mechanism in case ENGINEs want to include additional functionality. diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index ac21f19254..0c1df8ca47 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1526,6 +1526,7 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert->peer_ecdh_tmp=ecdh; ecdh=NULL; BN_CTX_free(bn_ctx); + bn_ctx = NULL; EC_POINT_free(srvr_ecpoint); srvr_ecpoint = NULL; } -- 2.34.1
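Review bot: In the CHANGES hunk, the new entry lands directly under the context heading "Changes between 0.9.8n and 1.0.0 [29 Mar 2010]", while the commit is dated 10 Oct 2010. Please confirm this is the intended release section for a fix made after that date. The entry text could also say which code path is affected: the ssl/s3_clnt.c hunk shows the change sits in ssl3_get_key_exchange(), next to the ECDH handling (peer_ecdh_tmp, srvr_ecpoint). Naming that would let readers of CHANGES judge their exposure without opening the diff.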
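Review bot: In the ssl/s3_clnt.c hunk, the added "bn_ctx = NULL;" after BN_CTX_free(bn_ctx) has no comment saying why the pointer must be cleared. The commit message calls this a double free, so a second free of bn_ctx is presumably reached later in ssl3_get_key_exchange(), but that code is outside the visible context. A one-line comment naming that later free would keep the assignment from being removed as dead code. The surrounding lines already use the same free-then-NULL pattern for srvr_ecpoint, so it is worth checking that every other local freed inside this function is cleared in the same way. The diffstat lists only CHANGES and ssl/s3_clnt.c, so no regression test accompanies the fix; consider adding one that exercises this key-exchange path.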