From 1209021f0eab25b69c67e06ccd1c6673a9afd996 Mon Sep 17 00:00:00 2001
From: miod <>
Date: Wed, 6 Aug 2014 20:11:09 +0000
Subject: Prevent a possible use after free by mimicing the s3_srvr.c fixes contributed by Adam Langley close to three years ago, which were commited in https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e7928282d0148af5f28fa3437a625a2006af0214 ok jsing@
---
 src/lib/libssl/d1_srvr.c | 5 +----
 src/lib/libssl/src/ssl/d1_srvr.c | 5 +----
 2 files changed, 2 insertions(+), 8 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 6f1d436d18..848bc0f0be 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.34 2014/07/28 04:23:12 guenther Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.35 2014/08/06 20:11:09 miod Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -1065,7 +1065,6 @@ dtls1_send_server_key_exchange(SSL *s)
 }
 
 if (s->s3->tmp.dh != NULL) {
- DH_free(dh);
 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 goto err;
 }
@@ -1110,8 +1109,6 @@ dtls1_send_server_key_exchange(SSL *s)
 }
 
 if (s->s3->tmp.ecdh != NULL) {
- EC_KEY_free(s->s3->tmp.ecdh);
-
 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 goto err;
 }
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 6f1d436d18..848bc0f0be 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.34 2014/07/28 04:23:12 guenther Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.35 2014/08/06 20:11:09 miod Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
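Review bot: Neither early-exit branch in dtls1_send_server_key_exchange() says why it no longer frees anything, so the ownership rule this fix relies on is not visible in the code. In the `if (s->s3->tmp.ecdh != NULL)` branch the removed `EC_KEY_free(s->s3->tmp.ecdh)` left the pointer set, so any later release of that state would presumably have touched freed memory; a comment such as `/* tmp.ecdh is still owned by s->s3; do not free it on this path */` would stop a later leak cleanup from putting the call back. The `if (s->s3->tmp.dh != NULL)` branch should get the matching comment, and because `dh` is assigned outside the hunk it is worth confirming that it cannot hold an allocation at this point, otherwise the `err` path has to release it. The same two hunks are repeated for src/lib/libssl/src/ssl/d1_srvr.c, and the function starts and ends outside all of them.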
@@ -1065,7 +1065,6 @@ dtls1_send_server_key_exchange(SSL *s)
 }
 
 if (s->s3->tmp.dh != NULL) {
- DH_free(dh);
 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 goto err;
 }
@@ -1110,8 +1109,6 @@ dtls1_send_server_key_exchange(SSL *s)
 }
 
 if (s->s3->tmp.ecdh != NULL) {
- EC_KEY_free(s->s3->tmp.ecdh);
-
 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 goto err;
 }
--
cgit v1.2.3-55-g6feb