aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon L. B. Nielsen <simon@FreeBSD.org>2009-08-23 14:15:28 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2009-08-23 14:15:28 +0000
commit58c74b7534a4526075de41fd4b24bc769866523a (patch)
tree6c32e4652df546de40a7d32b291a91f7f3cd18fe
parentf8f8fb827d260bb6161b82bb67de04c0a4c9868c (diff)
downloadsrc-58c74b7534a4526075de41fd4b24bc769866523a.tar.gz
src-58c74b7534a4526075de41fd4b24bc769866523a.zip
Import DTLS fix from upstream OpenSSL 0.9.8 branch:
Do not access freed data structure. Note that this will not get FreeBSD Security Advisory as DTLS is experimental in OpenSSL. Security: CVE-2009-1379 Obtained from: OpenSSL CVS http://cvs.openssl.org/chngview?cn=18156
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=196463
-rw-r--r--ssl/d1_both.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 0c863179bc88..967d8c542ddb 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -519,6 +519,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
if ( s->d1->handshake_read_seq == frag->msg_header.seq)
{
+ unsigned long frag_len = frag->msg_header.frag_len;
pqueue_pop(s->d1->buffered_messages);
al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
@@ -536,7 +537,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
if (al==0)
{
*ok = 1;
- return frag->msg_header.frag_len;
+ return frag_len;
}
ssl3_send_alert(s,SSL3_AL_FATAL,al);