PR: 2072

Submitted by: Tomas Mraz <tmraz@redhat.com>
Approved by: steve@openssl.org

Avoid potential doublefree and reuse of freed handshake_buffer.

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7aa1c037b25758d97edb56a0cd6bd97e957b7508..d6b047c9955ade3aa1e722495e91601aa3709a67 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2211,6 +2211,7 @@ void ssl3_clear(SSL *s)
        wlen = s->s3->wbuf.len;
        if (s->s3->handshake_buffer) {
                BIO_free(s->s3->handshake_buffer);
+               s->s3->handshake_buffer = NULL;
        }
        if (s->s3->handshake_dgst) {
                ssl3_free_digest_list(s);