diff options
author | delphij <delphij@FreeBSD.org> | 2014-05-13 23:19:16 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2014-05-13 23:19:16 +0000 |
commit | 065f33ceeaaf9a1809785180d2f3b30a66d52a40 (patch) | |
tree | c8c23642d59c1e8552784c21e8734e7e3d1ed88f /crypto/openssl | |
parent | 8921815288373eb72a0a72d407cf22d5fcae5129 (diff) | |
download | FreeBSD-src-065f33ceeaaf9a1809785180d2f3b30a66d52a40.zip FreeBSD-src-065f33ceeaaf9a1809785180d2f3b30a66d52a40.tar.gz |
Fix OpenSSL NULL pointer deference vulnerability.
Obtained from: OpenBSD
Security: FreeBSD-SA-14:09.openssl
Security: CVE-2014-0198
Diffstat (limited to 'crypto/openssl')
-rw-r--r-- | crypto/openssl/ssl/s3_pkt.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c index 8deeab3..1b1613e 100644 --- a/crypto/openssl/ssl/s3_pkt.c +++ b/crypto/openssl/ssl/s3_pkt.c @@ -657,6 +657,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (i <= 0) return(i); /* if it went, fall through and send more stuff */ + /* we may have released our buffer, so get it again */ + if (wb->buf == NULL) + if (!ssl3_setup_write_buffer(s)) + return -1; } if (len == 0 && !create_empty_fragment) |