Author: delphij
Date: Wed Apr 30 04:02:36 2014
New Revision: 265120
URL: http://svnweb.freebsd.org/changeset/base/265120
Log:
Fix OpenSSL use-after-free vulnerability.
Obtained from: OpenBSD
Security: FreeBSD-SA-14:09.openssl
Security: CVE-2010-5298
Modified:
head/crypto/openssl/ssl/s3_pkt.c
Modified: head/crypto/openssl/ssl/s3_pkt.c
==============================================================================
--- head/crypto/openssl/ssl/s3_pkt.c Wed Apr 30 04:02:32 2014
(r265119)
+++ head/crypto/openssl/ssl/s3_pkt.c Wed Apr 30 04:02:36 2014
(r265120)
@@ -1055,7 +1055,7 @@ start:
{
s->rstate=SSL_ST_READ_HEADER;
rr->off=0;
- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
s->s3->rbuf.left == 0)
ssl3_release_read_buffer(s);
}
}
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
