[openssl.org #3362] [PATCH] use-after-free bug in dtls1_buffer_record (ssl/d1_pkt.c)

2014-05-20 David Ramos via RT

Hello,

Our UC-KLEE tool found a use-after-free bug in dtls1_buffer_record (ssl/d1_pkt.c) affecting OpenSSL 1.0.1 (and probably other branches). If the call to ssl3_setup_buffers() (line 255 in the 1.0.1 HEAD) fails, the new item is freed, causing a dangling pointer to remain in the record queue
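
The ordering problem described in the report above, as an added example that is not part of the original message and is not OpenSSL code: a simplified model in which items come from a static pool, so the dangling queue entry can be counted without touching freed memory. Every name except ssl3_setup_buffers() is hypothetical, and the second function shows one possible remedy, which is an assumption and not necessarily what the applied patch does.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified model, NOT OpenSSL code; all names are hypothetical.
 * "free" only clears a flag, so no freed memory is ever dereferenced. */
struct item { int live; struct item *next; };
static struct item pool[8], *queue_head;
static int used;

static struct item *item_new(void) {
    if (used == (int)(sizeof pool / sizeof pool[0])) return NULL;
    pool[used].live = 1; pool[used].next = NULL;
    return &pool[used++];
}
static void item_free(struct item *it) { it->live = 0; }
static void queue_insert(struct item *it) { it->next = queue_head; queue_head = it; }
/* Stand-in for a fallible step such as ssl3_setup_buffers(). */
static int setup_buffers(int ok) { return ok; }

/* Pattern from the report: item is queued, then freed when setup fails. */
int buffer_record_buggy(int setup_ok) {
    struct item *it = item_new();
    if (it == NULL) return 0;
    queue_insert(it);
    if (!setup_buffers(setup_ok)) { item_free(it); return 0; } /* still queued */
    return 1;
}

/* One possible remedy (assumption): queue the item only after setup succeeds. */
int buffer_record_fixed(int setup_ok) {
    struct item *it = item_new();
    if (it == NULL) return 0;
    if (!setup_buffers(setup_ok)) { item_free(it); return 0; }
    queue_insert(it);
    return 1;
}

/* Number of queue entries that refer to an already-freed item. */
int dangling_entries(void) {
    int n = 0;
    for (struct item *it = queue_head; it != NULL; it = it->next)
        if (!it->live) n++;
    return n;
}
void reset_model(void) { used = 0; queue_head = NULL; }

int main(void) {
    reset_model(); buffer_record_buggy(0); printf("buggy: %d dangling\n", dangling_entries());
    reset_model(); buffer_record_fixed(0); printf("fixed: %d dangling\n", dangling_entries());
    return 0;
}
```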

[openssl.org #3362] [PATCH] use-after-free bug in dtls1_buffer_record (ssl/d1_pkt.c)

2014-06-01 Matt Caswell via RT

Hi David,

Patch applied:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d1e1aee

Many thanks for your contribution.

Matt