git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit - ssl/statem/statem_clnt.c

projects / thirdparty / openssl.git / commit

author	David Benjamin <davidben@google.com>
	Mon, 11 Jul 2016 03:35:04 +0000 (23:35 -0400)
committer	Rich Salz <rsalz@openssl.org>
	Tue, 12 Jul 2016 19:39:42 +0000 (15:39 -0400)
commit	e99ab8ffd70c24a68b8e9c46da1d669fe0bed810
tree	53a3a6e524f6f6e4a4c4fdf97c175483e441dfec	tree \| snapshot
parent	3307000d9852acac98ebc1b82cacc9b14240d798	commit \| diff

Fix DH error-handling in tls_process_key_exchange.

The set0 setters take ownership of their arguments, so the values should
be set to NULL to avoid a double-free in the cleanup block should
ssl_security(SSL_SECOP_TMP_DH) fail. Found by BoringSSL's WeakDH test.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1299)

ssl/statem/statem_clnt.c

diff | blob | blame | history

A mirror of the official openssl repository

RSS Atom