1 *) Fix double free in TLS server name extensions which could lead to a remote
2 crash found by Codenomicon TLS test suite (CVE-2008-0891) [Joe Orton]
4 ===================================================================
5 RCS file: /e/openssl/cvs/openssl/ssl/t1_lib.c,v
6 retrieving revision 1.13.2.8
7 diff -u -r1.13.2.8 ssl/t1_lib.c
8 --- ssl/t1_lib.c 18 Oct 2007 11:39:11 -0000
9 +++ ssl/t1_lib.c 18 Mar 2008 12:06:58 -0000
11 s->session->tlsext_hostname[len]='\0';
12 if (strlen(s->session->tlsext_hostname) != len) {
13 OPENSSL_free(s->session->tlsext_hostname);
14 + s->session->tlsext_hostname = NULL;
15 *al = TLS1_AD_UNRECOGNIZED_NAME;