diff options
author | Xin LI <delphij@FreeBSD.org> | 2014-05-13 23:17:24 +0000 |
---|---|---|
committer | Xin LI <delphij@FreeBSD.org> | 2014-05-13 23:17:24 +0000 |
commit | f5da602e4732949e09b5c55bb579594d061ce156 (patch) | |
tree | b9c5f02622394b071770e99dab1a6eaa0c162481 /crypto | |
parent | 1f4a471ae75e912e6b0213f928db6d45ced1e590 (diff) | |
download | src-f5da602e4732949e09b5c55bb579594d061ce156.tar.gz src-f5da602e4732949e09b5c55bb579594d061ce156.zip |
Fix OpenSSL NULL pointer deference vulnerability.
Obtained from: OpenBSD
Security: FreeBSD-SA-14:09.openssl
Security: CVE-2014-0198
Notes
Notes:
svn path=/head/; revision=265985
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/openssl/ssl/s3_pkt.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c index 8deeab3c9fbf..1b1613e6c1c0 100644 --- a/crypto/openssl/ssl/s3_pkt.c +++ b/crypto/openssl/ssl/s3_pkt.c @@ -657,6 +657,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, if (i <= 0) return(i); /* if it went, fall through and send more stuff */ + /* we may have released our buffer, so get it again */ + if (wb->buf == NULL) + if (!ssl3_setup_write_buffer(s)) + return -1; } if (len == 0 && !create_empty_fragment) |