Tue Aug 10 11:01:01 2010 UTC ()

fix a double free() in error case, see the thread
"openssl-1.0.0a and glibc detected sthg ;)" in openssl-dev.
I was getting a SEGV with the example posted there.


(drochner)

diff -r1.1.1.2 -r1.2 src/crypto/external/bsd/openssl/dist/ssl/s3_clnt.c

--- src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_clnt.c 2009/12/26 23:34:23	1.1.1.2
+++ src/crypto/external/bsd/openssl/dist/ssl/Attic/s3_clnt.c 2010/08/10 11:01:00	1.2

 @@ -1479,26 +1479,27 @@ int ssl3_get_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_RSA
 		else if (alg_a & SSL_aRSA)
 			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 #endif
 #ifndef OPENSSL_NO_ECDSA
 		else if (alg_a & SSL_aECDSA)
 			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
 #endif
 		/* else anonymous ECDH, so no certificate or pkey. */
 		EC_KEY_set_public_key(ecdh, srvr_ecpoint);
 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
 		ecdh=NULL;
 		BN_CTX_free(bn_ctx);
 		bn_ctx = NULL;
 		EC_POINT_free(srvr_ecpoint);
 		srvr_ecpoint = NULL;
+		}
 	else if (alg_k)
+		{
 		al=SSL_AD_UNEXPECTED_MESSAGE;
 		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
 		goto f_err;
+		}
 #endif /* !OPENSSL_NO_ECDH */
 	/* p points to the next byte, there are 'n' bytes left */