Kurt said this is fixed in git, can be closed I guess.
Cheers
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Description.
We are dereferencing s->s3 in ssl3_free without checking if s->s3 is null or
not.
s->s3 can be null because of the below code path.
SSL_new--> ssl3_new/tls1_new (via s->method->ssl_new) which allocates s3 and
assigns s->s3 if successful. If not s->s3 will remain null as we memset
Yes. Malloc failed in our case.
Srinivas
-Original Message-
From: Kurt Roeckx via RT [mailto:r...@openssl.org]
Sent: Sunday, November 29, 2015 6:59 PM
To: Srinivas Koripella
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4159] BUG ::: Null dereference in
ssl3_free