Fix OpenSSL use-after-free vulnerability.

Obtained from: OpenBSD Security: FreeBSD-SA-14:09.openssl Security: CVE-2010-5298
2014-04-30 04:02:36 +00:00 · 2014-04-30 04:02:36 +00:00 · e38c714ed3
commit e38c714ed3
parent 97a065c889
1 changed files with 1 additions and 1 deletions
--- a/crypto/openssl/ssl/s3_pkt.c
+++ b/crypto/openssl/ssl/s3_pkt.c
@ -1055,7 +1055,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 				{
 				s->rstate=SSL_ST_READ_HEADER;
 				rr->off=0;
-				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+				if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
 					ssl3_release_read_buffer(s);
 				}
 			}