diff options
| author | delphij <delphij@FreeBSD.org> | 2014-05-13 23:17:24 +0000 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2014-05-13 23:17:24 +0000 |
| commit | 43c7f4a7f16134807da0614913d96042fbd357f4 (patch) | |
| tree | b9c5f02622394b071770e99dab1a6eaa0c162481 /crypto | |
| parent | 4ec7183f863ca63053b9de6122c39036964750cd (diff) | |
| download | FreeBSD-src-43c7f4a7f16134807da0614913d96042fbd357f4.zip FreeBSD-src-43c7f4a7f16134807da0614913d96042fbd357f4.tar.gz | |
Fix OpenSSL NULL pointer deference vulnerability.
Obtained from: OpenBSD
Security: FreeBSD-SA-14:09.openssl
Security: CVE-2014-0198
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/openssl/ssl/s3_pkt.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c index 8deeab3..1b1613e 100644 --- a/crypto/openssl/ssl/s3_pkt.c +++ b/crypto/openssl/ssl/s3_pkt.c @@ -657,6 +657,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (i <= 0) return(i); /* if it went, fall through and send more stuff */ + /* we may have released our buffer, so get it again */ + if (wb->buf == NULL) + if (!ssl3_setup_write_buffer(s)) + return -1; } if (len == 0 && !create_empty_fragment) |
