From: Dr. Stephen Henson <steve@openssl.org>
Date: Sun, 10 Oct 2010 12:15:47 +0000 (+0000)
Subject: PR: 2314
X-Git-Tag: OpenSSL-fips-2_0-rc1~962
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5759425810685fc02a49d7bb3eb44eeba389b8e2;p=oweals%2Fopenssl.git

PR: 2314
Submitted by: Mounir IDRASSI <mounir.idrassi@idrix.net>
Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
---

diff --git a/CHANGES b/CHANGES
index 76a3793764..2944acae75 100644
--- a/CHANGES
+++ b/CHANGES
@@ -173,6 +173,9 @@
 
  Changes between 0.9.8n and 1.0.0  [29 Mar 2010]
 
+  *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
+     [Steve Henson]
+
   *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
      context. The operation can be customised via the ctrl mechanism in
      case ENGINEs want to include additional functionality.
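Review bot: the new entry is filed under "Changes between 0.9.8n and 1.0.0 [29 Mar 2010]", but this commit is dated 10 Oct 2010, so the fix appears in the list for a release that predates it. Move the entry to the section for the release that will actually ship the fix. The entry also credits only [Steve Henson] although the commit message names Mounir IDRASSI as submitter, and it names the file but not the function; adding the submitter and ssl3_get_key_exchange() would let readers judge whether their code path is affected.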
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index ac21f19254..0c1df8ca47 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1526,6 +1526,7 @@ int ssl3_get_key_exchange(SSL *s)
 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
 		ecdh=NULL;
 		BN_CTX_free(bn_ctx);
+		bn_ctx = NULL;
 		EC_POINT_free(srvr_ecpoint);
 		srvr_ecpoint = NULL;
 		}
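Review bot: the added `bn_ctx = NULL;` after `BN_CTX_free(bn_ctx);` has no comment, and the second free it guards against lies outside this hunk's context, so the reason for the reset is not evident at this point in ssl3_get_key_exchange(). Add a one-line comment stating which later path would otherwise free bn_ctx a second time. Because `ecdh=NULL;` and `srvr_ecpoint = NULL;` already follow the same clear-after-release pattern in these lines, the rest of the function should be checked for other pointers that are freed without being reset, and a regression test that exercises this key-exchange path would keep the reset from being dropped later.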