Don't leave stale sequence numbers behind in ssl3_clear() - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2021-03-15 15:59:04 +0000
committer	tb <>	2021-03-15 15:59:04 +0000
commit	fc06cdeb11963e348e9787bb95689f9be064a506 (patch)
tree	b29d9e1fea7b39c9759db74aee2ef863823a7455 /src/lib/libssl/test/smcont.txt
parent	70029edfad38276befdaee62f4fe7e084070c0cd (diff)
download	openbsd-libressl-v3.2.5.tar.gz openbsd-libressl-v3.2.5.tar.bz2 openbsd-libressl-v3.2.5.zip

Don't leave stale sequence numbers behind in ssl3_clear()libressl-v3.2.5

A TLS client doing session reuse in a certain way could run into a use-after-free. Set the sequence numbers inside ssl3_clear() to make sure this points at valid memory and do the initialization of the record layer a bit earlier so that this works as desired. Additionally, explicitly clear the sequence numbers in ssl3_free() which would have turned the use-after-free into a NULL dereference. Issue reported by Ilya Chipitsine. Fix from jsing This is errata/6.8/017_libssl.patch.sig

Diffstat (limited to 'src/lib/libssl/test/smcont.txt')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: