From 9c2d0cd11ca1bb5644253f4a21fb78b9b2789a3e Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sun, 10 Oct 2010 12:33:10 +0000
Subject: [PATCH] PR: 2314 Submitted by: Mounir IDRASSI
 <mounir.idrassi@idrix.net> Reviewed by: steve

Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
---
 CHANGES       | 3 +++
 ssl/s3_clnt.c | 1 +
 2 files changed, 4 insertions(+)

diff --git a/CHANGES b/CHANGES
index b6708ffdc6..80d0d4a67a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -857,6 +857,9 @@
   
  Changes between 0.9.8o and 0.9.8p [xx XXX xxxx]
 
+  *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
+     [Steve Henson]
+
   *) Don't reencode certificate when calculating signature: cache and use
      the original encoding instead. This makes signature verification of
      some broken encodings work correctly.
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 41769febab..6eab135c05 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1508,6 +1508,7 @@ int ssl3_get_key_exchange(SSL *s)
 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
 		ecdh=NULL;
 		BN_CTX_free(bn_ctx);
+		bn_ctx = NULL;
 		EC_POINT_free(srvr_ecpoint);
 		srvr_ecpoint = NULL;
 		}
-- 
2.25.1