Fix double-frees on malloc failure in ssl3_get_client_key_exchange. If generating the master secret or applying the PSK post-processing fails, we'll double-free all the ECDH state. Change-Id: Id52931af73bdef5eceb06f7e64d32fdda629521e Reviewed-on: https://boringssl-review.googlesource.com/2063 Reviewed-by: Adam Langley <agl@google.com>

commit: 8f1ef1d55477f6f5c359c866dacceec8eb2cd7ce [log] [tgz]
author: David Benjamin <davidben@chromium.org> Tue Oct 28 01:07:54 2014 -0400
committer: Adam Langley <agl@google.com> Wed Oct 29 20:34:25 2014 +0000
tree: fccc314566f9e565aff5610db5b11fcb8d965676
parent: 93d67d36c5d262eb128087f80a71637e4caa86ee [diff]
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 7240211..a212efe 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c

@@ -2141,9 +2141,13 @@
 			}
 
 		EVP_PKEY_free(clnt_pub_pkey);
+		clnt_pub_pkey = NULL;
 		EC_POINT_free(clnt_ecpoint);
+		clnt_ecpoint = NULL;
 		EC_KEY_free(srvr_ecdh);
+		srvr_ecdh = NULL;
 		BN_CTX_free(bn_ctx);
+		bn_ctx = NULL;
 		EC_KEY_free(s->s3->tmp.ecdh);
 		s->s3->tmp.ecdh = NULL;
commit	8f1ef1d55477f6f5c359c866dacceec8eb2cd7ce	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Tue Oct 28 01:07:54 2014 -0400
committer	Adam Langley <agl@google.com>	Wed Oct 29 20:34:25 2014 +0000
tree	fccc314566f9e565aff5610db5b11fcb8d965676
parent	93d67d36c5d262eb128087f80a71637e4caa86ee [diff]