authorderaadt <deraadt@openbsd.org>2014-08-06 23:16:16 +0000
committerderaadt <deraadt@openbsd.org>2014-08-06 23:16:16 +0000
commit6b5938cd3586ddafe3e369de19c73fccf73b8ba9 (patch)
tree69acd317106cf02bd16a3e50dda877a55d0c6ca5 /lib/libssl/t1_lib.c
parentMention how httpd responds to SIGHUP and SIGUSR1. (diff)
merge fix for CVE-2014-3509 -- basically a missing s->hit check; ok guenther
Diffstat (limited to 'lib/libssl/t1_lib.c')
-rw-r--r--lib/libssl/t1_lib.c22
1 files changed, 13 insertions, 9 deletions
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 0966e78b4d1..eebe6897ef6 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.52 2014/07/13 16:33:01 jsing Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.53 2014/08/06 23:16:16 deraadt Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1339,16 +1339,20 @@ ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
*al = TLS1_AD_DECODE_ERROR;
return 0;
}
- s->session->tlsext_ecpointformatlist_length = 0;
+ if (s->hit) {
+ free(s->session->tlsext_ecpointformatlist);
+ s->session->tlsext_ecpointformatlist_length = 0;
- free(s->session->tlsext_ecpointformatlist);
- if ((s->session->tlsext_ecpointformatlist =
- malloc(ecpointformatlist_length)) == NULL) {
- *al = TLS1_AD_INTERNAL_ERROR;
- return 0;
+ if ((s->session->tlsext_ecpointformatlist =
+ malloc(ecpointformatlist_length)) == NULL) {
+ *al = TLS1_AD_INTERNAL_ERROR;
+ return 0;
+ }
+ s->session->tlsext_ecpointformatlist_length =
+ ecpointformatlist_length;
+ memcpy(s->session->tlsext_ecpointformatlist,
+ sdata, ecpointformatlist_length);
}
- s->session->tlsext_ecpointformatlist_length = ecpointformatlist_length;
- memcpy(s->session->tlsext_ecpointformatlist, sdata, ecpointformatlist_length);
}
else if (type == TLSEXT_TYPE_session_ticket) {
if (s->tls_session_ticket_ext_cb &&
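Review bot: The new guard `if (s->hit) {` appears to have the wrong polarity for the race this commit is meant to close. `s->hit` is set when the handshake resumes an existing session, and a resumed `s->session` may be shared with other connections, so that is the case where `free()`, `malloc()` and `memcpy()` on `s->session->tlsext_ecpointformatlist` must be skipped. As written, a resumed handshake still frees and rewrites the shared list, while a full handshake never stores the server's point-format list. The guard should most likely read `if (!s->hit) {`; confirm this against the upstream patch for CVE-2014-3509 before merging. The body of ssl_parse_serverhello_tlsext starts and ends outside this hunk, so any other writes to `s->session` made while parsing extensions could not be checked here.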