Commit 63414e64 authored by Richard Levitte's avatar Richard Levitte
Browse files

Correct pointer to be freed 



The pointer that was freed in the SSLv2 section of ssl_bytes_to_cipher_list
may have stepped up from its allocated position.  Use a pointer that is
guaranteed to point at the start of the allocated block instead.

Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2312)
parent 26a39fa9

ssl/statem/statem_srvr.c

+1 −1
Original line number Diff line number Diff line
@@ -3489,7 +3489,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, 
                    || (leadbyte != 0

                        && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {

                *al = SSL_AD_INTERNAL_ERROR;

                OPENSSL_free(raw);

                OPENSSL_free(s->s3->tmp.ciphers_raw);

                s->s3->tmp.ciphers_raw = NULL;

                s->s3->tmp.ciphers_rawlen = 0;

                goto err;