Blame SOURCES/openssl-1.0.1e-cve-2010-5298.patch

ff4ef5
From: Ben Laurie <ben@links.org>
ff4ef5
Date: Wed, 23 Apr 2014 06:24:03 +0000 (+0100)
ff4ef5
Subject: Fix use after free.
ff4ef5
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=94d1f4b
ff4ef5
ff4ef5
Fix use after free.
ff4ef5
---
ff4ef5
ff4ef5
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
ff4ef5
index b9e45c7..d601a18 100644
ff4ef5
--- a/ssl/s3_pkt.c
ff4ef5
+++ b/ssl/s3_pkt.c
ff4ef5
@@ -1334,7 +1334,7 @@ start:
ff4ef5
 				{
ff4ef5
 				s->rstate=SSL_ST_READ_HEADER;
ff4ef5
 				rr->off=0;
ff4ef5
-				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
ff4ef5
+				if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
ff4ef5
 					ssl3_release_read_buffer(s);
ff4ef5
 				}
ff4ef5
 			}