path: root/CHANGES
author: Dr. Stephen Henson <steve@openssl.org> 2010-01-13 18:45:03 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-01-13 18:45:03 +0000
commit: 06e2670a57f1d6588dfdd22a7f90ad9bf1d472f7
tree: 7f00228fe49718d37061637a47a119ce3aa474a6 /CHANGES
parent: 3798a4d0597c8c665b41f6211f22c763b22f245b
Modify compression code so it avoids using ex_data free functions. This
stops applications that call CRYPTO_free_all_ex_data() prematurely leaking memory.
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 9
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 80024ce79a..85c5bd8698 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
Changes between 0.9.8l (?) and 0.9.8m (?) [xx XXX xxxx]
+ *) Modify compression code so it frees up structures without using the
+ ex_data callbacks. This works around a problem where some applications
+ call CRYPTO_free_all_ex_data() before application exit (e.g. when
+ restarting) then use compression (e.g. SSL with compression) later.
+ This results in significant per-connection memory leaks and
+ has caused some security issues including CVE-2008-1678 and
+ CVE-2009-4355.
+ [Steve Henson]
+
*) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
change when encrypting or decrypting.
[Bodo Moeller]
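
Review bot: The added CHANGES entry describes a workaround for applications that "call CRYPTO_free_all_ex_data() before application exit" but never says whether calling it early and then continuing to use the library is now supported, or remains an application bug that merely stops leaking in the compression path. A closing sentence stating the intended contract (for example, that CRYPTO_free_all_ex_data() should still only be called at final exit, if that is the intent) would tell application maintainers whether their restart code still needs fixing. The entry also does not name the compression structures or source files that changed, and because this view is limited to CHANGES, a reader cannot connect CVE-2008-1678 and CVE-2009-4355 to specific code from the entry alone; naming the affected files or functions would make the entry auditable.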