Fixed NULL pointer dereference. See PR#3321
authorMatt Caswell <matt@openssl.org>
Sun, 11 May 2014 23:38:37 +0000 (00:38 +0100)
committerMatt Caswell <matt@openssl.org>
Sun, 11 May 2014 23:38:37 +0000 (00:38 +0100)
ssl/s3_pkt.c

index ad9dc5154abf7d44fbce2a64340203c0823009cf..5efc03e5ec64ca886131bd45d73f5fa544a85d92 100644 (file)
@@ -880,9 +880,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        SSL3_BUFFER *wb=&(s->s3->wbuf);
        SSL_SESSION *sess;
 
-       if (wb->buf == NULL)
-               if (!ssl3_setup_write_buffer(s))
-                       return -1;
 
        /* first check if there is a SSL3_BUFFER still being written
         * out.  This will happen with non blocking IO */
@@ -898,6 +895,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                /* if it went, fall through and send more stuff */
                }
 
+       if (wb->buf == NULL)
+               if (!ssl3_setup_write_buffer(s))
+                       return -1;
+
        if (len == 0 && !create_empty_fragment)
                return 0;