CVSROOT: /cvs Module name: src Changes by: [email protected] 2015/02/06 21:37:35
Modified files:
lib/libssl/src/ssl: bs_cbb.c
Log message:
Only call free in CBB_init().
CBB_init_fixed() should not call free because it can lead to use after
free or double free bugs. The caller should be responsible for
creating and destroying the buffer.
>From BoringSSL commit a84f06fc1eee6ea25ce040675fbad72c532afece
miod agrees with the reasoning
ok jsing@, beck@
