On Wed, Oct 28, 2015 at 12:58:09AM +0000, Willy TARREAU via RT wrote: > This patch fixes a NULL dereference issue when SSL_new() fails due to a > low memory condition. Here it is possible that ssl3_new() fails, but > despite this ssl3_free() is called along the error path and doesn't check > that s->s3 is valid before dereferencing it.
This was actually already reported with the same patch last week. But I want to look in the whole error handling of SSL_new(). PS: Are you using some tool to try and find those issues? Kurt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
