os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/patches/SA-14:09/openssl.patch
Xin LI e4e2190aed Add 3 new advisories: 
Fix devfs rules not applied by default for jails. [SA-14:07]

Fix OpenSSL use-after-free vulnerability. [SA-14:08]

Fix TCP reassembly vulnerability. [SA-14:09]
2014-04-30 04:32:38 +00:00

13 lines
450 B
Diff
Raw Blame History

Index: crypto/openssl/ssl/s3_pkt.c
===================================================================
--- crypto/openssl/ssl/s3_pkt.c (revision 265054)
+++ crypto/openssl/ssl/s3_pkt.c (working copy)
@@ -1055,7 +1055,7 @@ start:
{
s->rstate=SSL_ST_READ_HEADER;
rr->off=0;
- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
ssl3_release_read_buffer(s);
}
}
Reference in a new issue View git blame Copy permalink