From d3b3a6d389c9824c80e503229ff2a6109031736f Mon Sep 17 00:00:00 2001
From: "Mark J. Cox" <mark@openssl.org>
Date: Wed, 28 May 2008 07:26:33 +0000
Subject: Fix double-free in TLS server name extensions which could lead to a
 remote crash found by Codenomicon TLS test suite (CVE-2008-0891)

Reviewed by: openssl-security@openssl.org

Obtained from: jorton@redhat.com
---
 ssl/t1_lib.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'ssl/t1_lib.c')

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 93a4caa48e..35f04afa4a 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -381,6 +381,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 						s->session->tlsext_hostname[len]='\0';
 						if (strlen(s->session->tlsext_hostname) != len) {
 							OPENSSL_free(s->session->tlsext_hostname);
+							s->session->tlsext_hostname = NULL;
 							*al = TLS1_AD_UNRECOGNIZED_NAME;
 							return 0;
 						}
-- 
cgit v1.2.3