Don't leave stale sequence numbers behind in ssl3_clear() - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2021-03-15 15:59:04 +0000
committer	tb <>	2021-03-15 15:59:04 +0000
commit	00ac1a9c447d64f268cd57eb3cf9206c725e2d54 (patch)
tree	b29d9e1fea7b39c9759db74aee2ef863823a7455 /src/regress/lib/libcrypto/pem
parent	5eca2774fbb65f0eac0df1f87aaa91c139b0f724 (diff)
download	openbsd-libressl-v3.2.5.tar.gz openbsd-libressl-v3.2.5.tar.bz2 openbsd-libressl-v3.2.5.zip

Don't leave stale sequence numbers behind in ssl3_clear()libressl-v3.2.5

A TLS client doing session reuse in a certain way could run into a use-after-free. Set the sequence numbers inside ssl3_clear() to make sure this points at valid memory and do the initialization of the record layer a bit earlier so that this works as desired. Additionally, explicitly clear the sequence numbers in ssl3_free() which would have turned the use-after-free into a NULL dereference. Issue reported by Ilya Chipitsine. Fix from jsing This is errata/6.8/017_libssl.patch.sig

Diffstat (limited to '')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: