Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug.
PR#3362 (Imported from upstream's 8de85b00484e7e4ca6f0b6e174fb1dc97db91281)
This commit is contained in:
Adam Langley
parent
a09d2127ea
commit
3a54f9e015
18
ssl/d1_pkt.c
18
ssl/d1_pkt.c
@ -231,14 +231,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
|
||||
|
||||
item->data = rdata;
|
||||
|
||||
/* insert should not fail, since duplicates are dropped */
|
||||
if (pqueue_insert(queue->q, item) == NULL)
|
||||
{
|
||||
OPENSSL_free(rdata);
|
||||
pitem_free(item);
|
||||
return(0);
|
||||
}
|
||||
|
||||
s->packet = NULL;
|
||||
s->packet_length = 0;
|
||||
memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
|
||||
@ -251,7 +243,15 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
|
||||
pitem_free(item);
|
||||
return(0);
|
||||
}
|
||||
|
||||
|
||||
/* insert should not fail, since duplicates are dropped */
|
||||
if (pqueue_insert(queue->q, item) == NULL)
|
||||
{
|
||||
OPENSSL_free(rdata);
|
||||
pitem_free(item);
|
||||
return(0);
|
||||
}
|
||||
|
||||
return(1);
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user