Commit ec8f246e authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix a double free in tls1_setup_key_block 



If p2 == NULL then p1 can get freed twice and a crash could occur.

Issue reported by Shi Lei (Qihoo 360 Inc)

Reviewed-by: default avatarViktor Dukhovni <viktor@openssl.org>
parent b1d7eaac

ssl/t1_enc.c

+0 −1
Original line number Diff line number Diff line
@@ -673,7 +673,6 @@ int tls1_setup_key_block(SSL *s) 


    if ((p2 = (unsigned char *)OPENSSL_malloc(num)) == NULL) {

        SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);

        OPENSSL_free(p1);

        goto err;

    }

#ifdef TLS_DEBUG