[openssl-dev] [openssl.org #4159] BUG ::: Null dereference in ssl3_free
Srinivas Koripella via RT
rt at openssl.org
Mon Nov 30 03:46:17 UTC 2015
Yes. Malloc failed in our case.
Srinivas
-----Original Message-----
From: Kurt Roeckx via RT [mailto:rt at openssl.org]
Sent: Sunday, November 29, 2015 6:59 PM
To: Srinivas Koripella
Cc: openssl-dev at openssl.org
Subject: Re: [openssl-dev] [openssl.org #4159] BUG ::: Null dereference in ssl3_free
On Sun, Nov 29, 2015 at 11:09:34AM +0000, Srinivas Koripella via RT wrote:
> Description.
>
> We are dereferencing s->s3 in ssl3_free without checking if s->s3 is null or not.
This has already been fixed in the current git versions.
I'm wondering why you see this, you should only get this in case
malloc() failed.
Kurt
More information about the openssl-dev
mailing list