SECURITY fixes backported from openssl-1.0.1f. ok mikeb@

CVE-2013-4353 NULL pointer dereference with crafted Next Protocol Negotiation record in TLS handshake. Upstream: 197e0ea CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client. Upstream: ca98926, 0294b2b CVE-2013-6450 Fix DTLS retransmission from previous session. Upstream: 3462896
author: jca <jca@openbsd.org> 2014-02-27 21:04:57 +0000
committer: jca <jca@openbsd.org> 2014-02-27 21:04:57 +0000
commit: 724b1063fe45f812c6c49b2bd4e01ffac44b5cf7 (patch)
tree: c0d4574f0e1068cefda493f918eede5b1729afa5 /lib/libssl/d1_both.c
parent: some unlikely tape candidates (diff)
download: wireguard-openbsd-724b1063fe45f812c6c49b2bd4e01ffac44b5cf7.tar.xz
wireguard-openbsd-724b1063fe45f812c6c49b2bd4e01ffac44b5cf7.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/libssl/d1_both.c b/lib/libssl/d1_both.c
index de8bab873f2..72b3b20ae4e 100644
--- a/lib/libssl/d1_both.c
+++ b/lib/libssl/d1_both.c
@@ -214,6 +214,13 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
 static void
 dtls1_hm_fragment_free(hm_fragment *frag)
 	{
+
+	if (frag->msg_header.is_ccs)
+		{
+		EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
+		EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
+		}
+
 	if (frag->fragment) OPENSSL_free(frag->fragment);
 	if (frag->reassembly) OPENSSL_free(frag->reassembly);
 	OPENSSL_free(frag);
author	jca <jca@openbsd.org>	2014-02-27 21:04:57 +0000
committer	jca <jca@openbsd.org>	2014-02-27 21:04:57 +0000
commit	724b1063fe45f812c6c49b2bd4e01ffac44b5cf7 (patch)
tree	c0d4574f0e1068cefda493f918eede5b1729afa5 /lib/libssl/d1_both.c
parent	some unlikely tape candidates (diff)
download	wireguard-openbsd-724b1063fe45f812c6c49b2bd4e01ffac44b5cf7.tar.xz wireguard-openbsd-724b1063fe45f812c6c49b2bd4e01ffac44b5cf7.zip