From ba1660b2826e9045d30ed397dd28291c9addf48d Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Sat, 12 Nov 2016 14:26:19 +0900
Subject: [PATCH] Tidy up finish_message logic.

dtls1_finish_message should NULL *out_msg before calling OPENSSL_free,
rather than asking ssl3_complete_message to do it. ssl3_finish_message
has no need to call it at all.

Change-Id: I22054217073690ab391cd19bf9993b1ceada41fd
Reviewed-on: https://boringssl-review.googlesource.com/12231
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
---
 ssl/d1_both.c | 1 +
 ssl/s3_both.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 82ee58ca..0364664e 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -738,6 +738,7 @@ int dtls1_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type) {
 
 int dtls1_finish_message(SSL *ssl, CBB *cbb, uint8_t **out_msg,
                          size_t *out_len) {
+  *out_msg = NULL;
   if (!CBB_finish(cbb, out_msg, out_len) ||
       *out_len < DTLS1_HM_HEADER_LENGTH) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 4cb37bc7..9f9dfadc 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -209,9 +209,9 @@ int ssl3_finish_message(SSL *ssl, CBB *cbb, uint8_t **out_msg,
                         size_t *out_len) {
   if (!CBB_finish(cbb, out_msg, out_len)) {
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
-    OPENSSL_free(*out_msg);
     return 0;
   }
+
   return 1;
 }
 
@@ -231,7 +231,7 @@ int ssl3_queue_message(SSL *ssl, uint8_t *msg, size_t len) {
 }
 
 int ssl_complete_message(SSL *ssl, CBB *cbb) {
-  uint8_t *msg = NULL;
+  uint8_t *msg;
   size_t len;
   if (!ssl->method->finish_message(ssl, cbb, &msg, &len) ||
       !ssl->method->queue_message(ssl, msg, len)) {