Fix the ECDSA timing attack mentioned in the paper at:

http://eprint.iacr.org/2011/232.pdf Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for bringing this to our attention.
author: Dr. Stephen Henson <steve@openssl.org> 2011-05-25 14:52:21 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-05-25 14:52:21 +0000
commit: a26e245ecd6a15459202569e0df8b40bc10339a5 (patch)
tree: 65715d818ee77857fbe2e3099f4f48edd5a98306 /crypto/ocsp
parent: 992bdde62d2eea57bb85935a0c1a0ef0ca59b3da (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 0090bc267c..a94dc838ee 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -171,14 +171,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
 
 	char *host, *port;
 
-	/* dup the buffer since we are going to mess with it */
-	buf = BUF_strdup(url);
-	if (!buf) goto mem_err;
-
 	*phost = NULL;
 	*pport = NULL;
 	*ppath = NULL;
 
+	/* dup the buffer since we are going to mess with it */
+	buf = BUF_strdup(url);
+	if (!buf) goto mem_err;
+
 	/* Check for initial colon */
 	p = strchr(buf, ':');
author	Dr. Stephen Henson <steve@openssl.org>	2011-05-25 14:52:21 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-05-25 14:52:21 +0000
commit	a26e245ecd6a15459202569e0df8b40bc10339a5 (patch)
tree	65715d818ee77857fbe2e3099f4f48edd5a98306 /crypto/ocsp
parent	992bdde62d2eea57bb85935a0c1a0ef0ca59b3da (diff)