generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362

Browse Source
This commit is contained in:
David Ramos
2014-06-01 21:42:47 +01:00
committed by Matt Caswell
parent f87c6a551e
commit 8343e6b6b2
1 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
ssl/d1_pkt.c
View File

@@ -231,13 +231,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
item->data = rdata;
/* insert should not fail, since duplicates are dropped */
if (pqueue_insert(queue->q, item) == NULL)
{
OPENSSL_free(rdata);
pitem_free(item);
return(0);
}
s->packet = NULL;
s->packet_length = 0;
@@ -252,6 +245,14 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
return(0);
}
/* insert should not fail, since duplicates are dropped */
if (pqueue_insert(queue->q, item) == NULL)
{
OPENSSL_free(rdata);
pitem_free(item);
return(0);
}
return(1);
}