author | delphij <delphij@FreeBSD.org> | 2011-09-08 09:33:49 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2011-09-08 09:33:49 +0000 |
commit | 41cd87c13ef2eae05c70bdf24dd18c20d8722a21 (patch) | |
tree | c78ebae8f592503cd02c7bf8762ca3a1bdf05cce /crypto/openssl/ssl/s3_lib.c | |
parent | 3f2d6e22bf0098f8f5abd77b7d5d13f5d6d9606b (diff) | |
Fix SSL memory handling for (EC)DH cipher suites, in particular for
multi-threaded use of ECDH.
Security: CVE-2011-3210
Reviewed by: stas
Obtained from: OpenSSL CVS
Approved by: re (kib)
Diffstat (limited to 'crypto/openssl/ssl/s3_lib.c')
-rw-r--r-- | crypto/openssl/ssl/s3_lib.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
index 8fa4ab0..e6091ef 100644
--- a/crypto/openssl/ssl/s3_lib.c
+++ b/crypto/openssl/ssl/s3_lib.c
@@ -1722,11 +1722,17 @@ void ssl3_clear(SSL *s)
 }
 #ifndef OPENSSL_NO_DH
 if (s->s3->tmp.dh != NULL)
+ {
 DH_free(s->s3->tmp.dh);
+ s->s3->tmp.dh = NULL;
+ }
 #endif
 #ifndef OPENSSL_NO_ECDH
 if (s->s3->tmp.ecdh != NULL)
+ {
 EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
+ }
 #endif
 rp = s->s3->rbuf.buf; |
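Review bot: The two added resets, `s->s3->tmp.dh = NULL;` and `s->s3->tmp.ecdh = NULL;`, are the security-relevant part of this hunk but carry no comment saying why they are needed. Without them the freed key pointer stays in `s->s3->tmp`, where a later clear or free of the same SSL object could release or read it again. I would add `/* reset so a reused SSL never sees the freed key */` above each assignment so the reset is not dropped as redundant in a later cleanup. ssl3_clear begins and ends outside the hunk, so it cannot be confirmed from here whether other paths that free `tmp.dh` or `tmp.ecdh` reset the pointer the same way; that is worth checking alongside this change.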