Correct pointer to be freed

The pointer that was freed in the SSLv2 section of ssl_bytes_to_cipher_list may have stepped up from its allocated position. Use a pointer that is guaranteed to point at the start of the allocated block instead. Reviewed-by: N Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2312)

Correct pointer to be freed
The pointer that was freed in the SSLv2 section of ssl_bytes_to_cipher_list may have stepped up from its allocated position. Use a pointer that is guaranteed to point at the start of the allocated block instead. Reviewed-by: N Kurt Roeckx <kurt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2312)
63414e64 · Richard Levitte · 26a39fa9 · 63414e64
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

ssl/statem/statem_srvr.c ssl/statem/statem_srvr.c +1 -1

未找到文件。
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3489,7 +3489,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,
                    || (leadbyte != 0
                        && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
                *al = SSL_AD_INTERNAL_ERROR;
-                OPENSSL_free(raw);
+                OPENSSL_free(s->s3->tmp.ciphers_raw);
                s->s3->tmp.ciphers_raw = NULL;
                s->s3->tmp.ciphers_rawlen = 0;
                goto err;