Hi,

This patch against the latest 1.0.1 stable snapshot corrects a double 
free bug in function ssl3_send_server_key_exchange (s3_srvr.c) that 
occurs when an ECDHE cipher is used, leading to a crash.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

--- C:/Dev/libraries/openssl-1.0.1-stable/ssl/s3_srvr.c.original        Sun Oct 
10 03:42:36 2010

+++ C:/Dev/libraries/openssl-1.0.1-stable/ssl/s3_srvr.c Sun Oct 10 03:47:02 2010

@@ -1768,6 +1768,7 @@

                            (unsigned char *)encodedPoint, 
                            encodedlen);
                        OPENSSL_free(encodedPoint);
+                       encodedPoint = NULL;
                        p += encodedlen;
                        }
 #endif
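
Review bot: the second free that the added `encodedPoint = NULL;` after `OPENSSL_free(encodedPoint);` is meant to neutralise is not visible in this hunk, and the description does not say where it happens. Please name the later code path in ssl3_send_server_key_exchange that frees encodedPoint again, so a reviewer can confirm that every exit reaching it after this point now sees NULL and that the path handles a NULL pointer safely. A one-line comment above the assignment stating why the pointer is cleared would also keep the line from being removed later as redundant.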
