From HEAD:

Fix double-free in TLS server name extensions which could lead to a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) Reviewed by: openssl-security@openssl.org Obtained from: jorton@redhat.com

From HEAD:
Fix double-free in TLS server name extensions which could lead to a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) Reviewed by: openssl-security@openssl.org Obtained from: jorton@redhat.com
40a70628 · Bodo Möller · c6f6c380 · 40a70628 · 40a70628
隐藏空白更改
内联并排

Showing with 5 addition and 0 deletion

CHANGES CHANGES +4 -0

ssl/t1_lib.c ssl/t1_lib.c +1 -0

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -690,6 +690,10 @@

 Changes between 0.9.8g and 0.9.8h  [xx XXX xxxx]

+  *) Fix double free in TLS server name extensions which could lead to
+     a remote crash found by Codenomicon TLS test suite (CVE-2008-0891) 
+     [Joe Orton]
+
  *) Clear error queue in SSL_CTX_use_certificate_chain_file()

     Clear the error queue to ensure that error entries left from

--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -637,6 +637,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 						s->session->tlsext_hostname[len]='\0';
 						if (strlen(s->session->tlsext_hostname) != len) {
 							OPENSSL_free(s->session->tlsext_hostname);
+							s->session->tlsext_hostname = NULL;
 							*al = TLS1_AD_UNRECOGNIZED_NAME;
 							return 0;
 						}