[openssl.org #2314] [PATCH] fix double free in ssl3_get_key_exchange in case of error

Mounir IDRASSI via RT Sun, 08 Aug 2010 12:37:10 -0700

  Hi,

This patch corrects a double free bug in ssl3_get_key_exchange 
(s3_clnt.c) when an error happens during the connection to a server.


Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

--- E:/dev/libraries/openssl-1.0.latest/ssl/s3_clnt.c.original  Sun Feb 28 
01:24:24 2010

+++ E:/dev/libraries/openssl-1.0.latest/ssl/s3_clnt.c   Sun Aug  8 14:49:30 2010

@@ -1508,6 +1508,7 @@

                s->session->sess_cert->peer_ecdh_tmp=ecdh;
                ecdh=NULL;
                BN_CTX_free(bn_ctx);
+               bn_ctx = NULL;
                EC_POINT_free(srvr_ecpoint);
                srvr_ecpoint = NULL;
                }

[openssl.org #2314] [PATCH] fix double free in ssl3_get_key_exchange in case of error

Reply via email to