diff options
| author | Miod Vallat <miod@cvs.openbsd.org> | 2014-05-18 16:08:38 +0000 |
|---|---|---|
| committer | Miod Vallat <miod@cvs.openbsd.org> | 2014-05-18 16:08:38 +0000 |
| commit | c803d3fbc581831b8d458586a39909b1d8428b5d (patch) | |
| tree | 1da3fc11f55a07be44527909a2ca9091f94f1ee8 /lib/libssl | |
| parent | 230df96770a9a8b921b019ad751a940aabeca193 (diff) | |
Make sure ssl3_setup_buffers() does not return upon error with a freed
pqueue still chained, by inserting it into the list only after all possible
failure conditions have been avoided.
Reported and fix proposed by David Ramos; ok beck@
Diffstat (limited to 'lib/libssl')
| -rw-r--r-- | lib/libssl/d1_pkt.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c index 5d3aaceac6f..df18e5bae37 100644 --- a/lib/libssl/d1_pkt.c +++ b/lib/libssl/d1_pkt.c @@ -247,13 +247,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) } #endif - /* insert should not fail, since duplicates are dropped */ - if (pqueue_insert(queue->q, item) == NULL) { - free(rdata); - pitem_free(item); - return (0); - } - s->packet = NULL; s->packet_length = 0; memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER)); @@ -266,6 +259,13 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) return (0); } + /* insert should not fail, since duplicates are dropped */ + if (pqueue_insert(queue->q, item) == NULL) { + free(rdata); + pitem_free(item); + return (0); + } + return (1); } |