Make sure ssl3_setup_buffers() does not return upon error with a freed
authormiod <miod@openbsd.org>
Sun, 18 May 2014 16:08:37 +0000 (16:08 +0000)
committermiod <miod@openbsd.org>
Sun, 18 May 2014 16:08:37 +0000 (16:08 +0000)
pqueue still chained, by inserting it into the list only after all possible
failure conditions have been avoided.

Reported and fix proposed by David Ramos; ok beck@

lib/libssl/d1_pkt.c
lib/libssl/src/ssl/d1_pkt.c

index 5d3aace..df18e5b 100644 (file)
@@ -247,13 +247,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
        }
 #endif
 
-       /* insert should not fail, since duplicates are dropped */
-       if (pqueue_insert(queue->q, item) == NULL) {
-               free(rdata);
-               pitem_free(item);
-               return (0);
-       }
-
        s->packet = NULL;
        s->packet_length = 0;
        memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
@@ -266,6 +259,13 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
                return (0);
        }
 
+       /* insert should not fail, since duplicates are dropped */
+       if (pqueue_insert(queue->q, item) == NULL) {
+               free(rdata);
+               pitem_free(item);
+               return (0);
+       }
+
        return (1);
 }
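Review bot: The `return (0);` at the top of the second hunk, which closes the failure branch of the call that now precedes pqueue_insert() (ssl3_setup_buffers() per the commit message), exits with rdata and item allocated but no longer queued; unless that branch frees them itself, which the hunk does not show, the reorder turns the old freed-but-still-chained entry into a plain leak of both allocations on that path. I would add `free(rdata);` and `pitem_free(item);` immediately before that `return (0);`, mirroring the cleanup the moved pqueue_insert() check already performs. The same applies to the identical hunk in lib/libssl/src/ssl/d1_pkt.c below. dtls1_buffer_record()'s body begins outside both hunks, so the ownership of rdata/item before this point is inferred from the new failure block rather than seen.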
 
index 5d3aace..df18e5b 100644 (file)
@@ -247,13 +247,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
        }
 #endif
 
-       /* insert should not fail, since duplicates are dropped */
-       if (pqueue_insert(queue->q, item) == NULL) {
-               free(rdata);
-               pitem_free(item);
-               return (0);
-       }
-
        s->packet = NULL;
        s->packet_length = 0;
        memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
@@ -266,6 +259,13 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
                return (0);
        }
 
+       /* insert should not fail, since duplicates are dropped */
+       if (pqueue_insert(queue->q, item) == NULL) {
+               free(rdata);
+               pitem_free(item);
+               return (0);
+       }
+
        return (1);
 }