CVE-2020-28018: Use-after-free in tls-openssl.c

author Qualys Security Advisory <qsa@qualys.com>

Mon, 22 Feb 2021 03:05:56 +0000 (19:05 -0800)

committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>

Thu, 27 May 2021 19:30:45 +0000 (21:30 +0200)
author Qualys Security Advisory <qsa@qualys.com>
Mon, 22 Feb 2021 03:05:56 +0000 (19:05 -0800)
committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Thu, 27 May 2021 19:30:45 +0000 (21:30 +0200)
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c

index 13b0c232f0e9ac263343882c9e4a8a21c79c2ccd..eb18d64d3ed32575d5c176ca5f15e9e735dbb37b 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -4053,16 +4053,12 @@ if (more || corked)
    {
    if (!len) buff = US &error;  /* dummy just so that string_catn is ok */
  
-#ifndef DISABLE_PIPE_CONNECT
    int save_pool = store_pool;
    store_pool = POOL_PERM;
-#endif
  
    corked = string_catn(corked, buff, len);
  
-#ifndef DISABLE_PIPE_CONNECT
    store_pool = save_pool;
-#endif
  
    if (more)
      {
author	Qualys Security Advisory <qsa@qualys.com>
	Mon, 22 Feb 2021 03:05:56 +0000 (19:05 -0800)
committer	Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
	Thu, 27 May 2021 19:30:45 +0000 (21:30 +0200)