Fix "DTLS use after free" (CVE-2009-1379)
Kurt Roeckx
14 years ago
4 | 4 | * Fix security issues (Closes: #530400) |
5 | 5 | - "DTLS record buffer limitation bug." (CVE-2009-1377) |
6 | 6 | - "DTLS fragment handling" (CVE-2009-1378) |
7 | - "DTLS use after free" (CVE-2009-1379) | |
7 | 8 | |
8 | 9 | -- Kurt Roeckx <kurt@roeckx.be> Sat, 16 May 2009 17:33:55 +0200 |
9 | 10 |
529 | 529 | frag->fragment,frag->msg_header.frag_len); |
530 | 530 | } |
531 | 531 | |
532 | unsigned long frag_len = frag->msg_header.frag_len; | |
532 | 533 | dtls1_hm_fragment_free(frag); |
533 | 534 | pitem_free(item); |
534 | 535 | |
535 | 536 | if (al==0) |
536 | 537 | { |
537 | 538 | *ok = 1; |
538 | return frag->msg_header.frag_len; | |
539 | return frag_len; | |
539 | 540 | } |
540 | 541 | |
541 | 542 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |