Fixed NULL pointer dereference. See PR#3321

author Matt Caswell <matt@openssl.org>

Sun, 11 May 2014 23:38:37 +0000 (00:38 +0100)

committer Matt Caswell <matt@openssl.org>

Sun, 11 May 2014 23:43:33 +0000 (00:43 +0100)
author Matt Caswell <matt@openssl.org>
Sun, 11 May 2014 23:38:37 +0000 (00:38 +0100)
committer Matt Caswell <matt@openssl.org>
Sun, 11 May 2014 23:43:33 +0000 (00:43 +0100)
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c

index 40eb0dd347cc3babf2d2aee49a06b5d148c3b1a2..d961d1284014f52a5a19ec737a4b9bdc45114aae 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
         SSL3_BUFFER *wb=&(s->s3->wbuf);
         SSL_SESSION *sess;
  
-       if (wb->buf == NULL)
-               if (!ssl3_setup_write_buffer(s))
-                       return -1;
  
         /* first check if there is a SSL3_BUFFER still being written
          * out.  This will happen with non blocking IO */
@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                 /* if it went, fall through and send more stuff */
                 }
  
+       if (wb->buf == NULL)
+               if (!ssl3_setup_write_buffer(s))
+                       return -1;
+
         if (len == 0 && !create_empty_fragment)
                 return 0;
author	Matt Caswell <matt@openssl.org>
	Sun, 11 May 2014 23:38:37 +0000 (00:38 +0100)
committer	Matt Caswell <matt@openssl.org>
	Sun, 11 May 2014 23:43:33 +0000 (00:43 +0100)