Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362
This commit is contained in:
David Ramos
Matt Caswell
parent
723463282f
commit
d1e1aeef8f
1 changed files with 9 additions and 9 deletions
18
ssl/d1_pkt.c
18
ssl/d1_pkt.c
|
|
@ -239,14 +239,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
|
|||
}
|
||||
#endif
|
||||
|
||||
/* insert should not fail, since duplicates are dropped */
|
||||
if (pqueue_insert(queue->q, item) == NULL)
|
||||
{
|
||||
OPENSSL_free(rdata);
|
||||
pitem_free(item);
|
||||
return(0);
|
||||
}
|
||||
|
||||
s->packet = NULL;
|
||||
s->packet_length = 0;
|
||||
memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
|
||||
|
|
@ -259,7 +251,15 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
|
|||
pitem_free(item);
|
||||
return(0);
|
||||
}
|
||||
|
||||
|
||||
/* insert should not fail, since duplicates are dropped */
|
||||
if (pqueue_insert(queue->q, item) == NULL)
|
||||
{
|
||||
OPENSSL_free(rdata);
|
||||
pitem_free(item);
|
||||
return(0);
|
||||
}
|
||||
|
||||
return(1);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue