CVS commit: src/crypto/external/bsd/openssl/dist/ssl

Christos Zoulas Sun, 13 Apr 2014 06:15:07 -0700

Module Name:    src
Committed By:   christos
Date:           Sun Apr 13 13:14:15 UTC 2014


Modified Files:
        src/crypto/external/bsd/openssl/dist/ssl: s3_pkt.c

Log Message:
Fix use after free:
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.13 src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.14
--- src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c:1.13	Sat Jan 11 13:34:37 2014
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_pkt.c	Sun Apr 13 09:14:15 2014
@@ -1057,7 +1057,8 @@ start:
 				s->rstate=SSL_ST_READ_HEADER;
 				rr->off=0;
 				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
-					ssl3_release_read_buffer(s);
+					if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+						ssl3_release_read_buffer(s);
 				}
 			}
 		return(n);

CVS commit: src/crypto/external/bsd/openssl/dist/ssl

Reply via email to