diff options
| author | jca <> | 2014-02-27 21:04:57 +0000 |
|---|---|---|
| committer | jca <> | 2014-02-27 21:04:57 +0000 |
| commit | 3b6d92e82b1421b811bcdec7f7fdfb31eeef18de (patch) | |
| tree | 40e788c732b30794928787a09a2b41e34c4772bb /src/lib/libssl/d1_both.c | |
| parent | 76214748f84ef8bbc3833462e40ef29a1e84a02c (diff) | |
| download | openbsd-3b6d92e82b1421b811bcdec7f7fdfb31eeef18de.tar.gz openbsd-3b6d92e82b1421b811bcdec7f7fdfb31eeef18de.tar.bz2 openbsd-3b6d92e82b1421b811bcdec7f7fdfb31eeef18de.zip | |
SECURITY fixes backported from openssl-1.0.1f. ok mikeb@
CVE-2013-4353 NULL pointer dereference with crafted Next Protocol
Negotiation record in TLS handshake.
Upstream: 197e0ea
CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client.
Upstream: ca98926, 0294b2b
CVE-2013-6450 Fix DTLS retransmission from previous session.
Upstream: 3462896
Diffstat (limited to 'src/lib/libssl/d1_both.c')
| -rw-r--r-- | src/lib/libssl/d1_both.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c index de8bab873f..72b3b20ae4 100644 --- a/src/lib/libssl/d1_both.c +++ b/src/lib/libssl/d1_both.c | |||
| @@ -214,6 +214,13 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) | |||
| 214 | static void | 214 | static void |
| 215 | dtls1_hm_fragment_free(hm_fragment *frag) | 215 | dtls1_hm_fragment_free(hm_fragment *frag) |
| 216 | { | 216 | { |
| 217 | |||
| 218 | if (frag->msg_header.is_ccs) | ||
| 219 | { | ||
| 220 | EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); | ||
| 221 | EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); | ||
| 222 | } | ||
| 223 | |||
| 217 | if (frag->fragment) OPENSSL_free(frag->fragment); | 224 | if (frag->fragment) OPENSSL_free(frag->fragment); |
| 218 | if (frag->reassembly) OPENSSL_free(frag->reassembly); | 225 | if (frag->reassembly) OPENSSL_free(frag->reassembly); |
| 219 | OPENSSL_free(frag); | 226 | OPENSSL_free(frag); |