Commit 40a70628 authored May 28, 2008 by Bodo Möller

From HEAD:

Fix double-free in TLS server name extensions which could lead to a remote
crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com

parent c6f6c380

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		@@ -690,6 +690,10 @@

		Changes between 0.9.8g and 0.9.8h [xx XXX xxxx]

		*) Fix double free in TLS server name extensions which could lead to
		a remote crash found by Codenomicon TLS test suite (CVE-2008-0891)
		[Joe Orton]

		*) Clear error queue in SSL_CTX_use_certificate_chain_file()

		Clear the error queue to ensure that error entries left from

ssl/t1_lib.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -637,6 +637,7 @@ int ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d, in
		s->session->tlsext_hostname[len]='\0';
		if (strlen(s->session->tlsext_hostname) != len) {
		OPENSSL_free(s->session->tlsext_hostname);
		s->session->tlsext_hostname = NULL;
		*al = TLS1_AD_UNRECOGNIZED_NAME;
		return 0;
		}