blob: 61f821b54d0a10b16273054220f266425749812e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
From 748270554824d2a51d1718f52a8d3ab34116bbfb Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 15 Oct 2014 01:53:55 +0100
Subject: [PATCH] Fix for session tickets memory leak.
CVE-2014-3567
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>
---
ssl/t1_lib.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 879467c..77fe232 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -3380,7 +3380,10 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
HMAC_Final(&hctx, tick_hmac, NULL);
HMAC_CTX_cleanup(&hctx);
if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
+ {
+ EVP_CIPHER_CTX_cleanup(&ctx);
return 2;
+ }
/* Attempt to decrypt session data */
/* Move p after IV to start of encrypted ticket, update length */
p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
--
1.7.9.5
|