[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Sat Jan 28 18:07:34 UTC 2017
The branch master has been updated
via 63414e64e66e376654e993ac966e3b2f9d849d3b (commit)
from 26a39fa953c11c4257471570655b0193828d4721 (commit)
- Log -----------------------------------------------------------------
commit 63414e64e66e376654e993ac966e3b2f9d849d3b
Author: Richard Levitte <levitte at openssl.org>
Date: Sat Jan 28 15:14:07 2017 +0100
Correct pointer to be freed
The pointer that was freed in the SSLv2 section of ssl_bytes_to_cipher_list
may have stepped up from its allocated position. Use a pointer that is
guaranteed to point at the start of the allocated block instead.
Reviewed-by: Kurt Roeckx <kurt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2312)
-----------------------------------------------------------------------
Summary of changes:
ssl/statem/statem_srvr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 0043b05..2e76b80 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3489,7 +3489,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
|| (leadbyte != 0
&& !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
*al = SSL_AD_INTERNAL_ERROR;
- OPENSSL_free(raw);
+ OPENSSL_free(s->s3->tmp.ciphers_raw);
s->s3->tmp.ciphers_raw = NULL;
s->s3->tmp.ciphers_rawlen = 0;
goto err;
More information about the openssl-commits
mailing list