Fix seg fault in dtls1_new
authorMatt Caswell <matt@openssl.org>
Tue, 3 Feb 2015 16:11:49 +0000 (16:11 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 26 Mar 2015 15:02:00 +0000 (15:02 +0000)
Reviewed-by: Richard Levitte <levitte@openssl.org>
ssl/d1_lib.c
ssl/record/d1_pkt.c
ssl/record/s3_pkt.c

index 6ffbf5f..f959942 100644 (file)
@@ -124,6 +124,10 @@ int dtls1_new(SSL *s)
 {
     DTLS1_STATE *d1;
 
+    if(!DTLS_RECORD_LAYER_new(&s->rlayer)) {
+        return 0;
+    }
+    
     if (!ssl3_new(s))
         return (0);
     if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) {
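Review bot: Moving DTLS_RECORD_LAYER_new ahead of ssl3_new means the `return (0)` on ssl3_new failure now leaves whatever DTLS_RECORD_LAYER_new allocated into s->rlayer (rl->d and its queues, per the d1_pkt.c hunk) with no owner, whereas the ordering being removed freed everything on that path; the `return (0)` after the OPENSSL_malloc failure in the following hunk has the same gap. Unless the caller of dtls1_new tears down s->rlayer when ssl_new fails — not visible here — this is a leak on every error path the old cleanup covered. The failure branch should release the record layer before returning, e.g. `if (!ssl3_new(s)) { /* release s->rlayer with the routine that pairs with DTLS_RECORD_LAYER_new */ return 0; }`, and the malloc-failure path should do the same after ssl3_free. Minor style: `if(!DTLS_RECORD_LAYER_new` and the trailing whitespace on the blank line after it differ from the `if (` spacing used on the neighbouring lines. The rest of dtls1_new continues beyond this hunk.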
@@ -131,12 +135,6 @@ int dtls1_new(SSL *s)
         return (0);
     }
     memset(d1, 0, sizeof *d1);
-    
-    if(!DTLS_RECORD_LAYER_new(&s->rlayer)) {
-        OPENSSL_free(d1);
-        ssl3_free(s);
-        return 0;
-    }
 
     d1->buffered_messages = pqueue_new();
     d1->sent_messages = pqueue_new();
index 5d0adb9..e5a2788 100644 (file)
@@ -133,8 +133,7 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
 
 
     rl->d = d;
-    DTLS_RECORD_LAYER_clear(rl);
-    
+
     d->unprocessed_rcds.q = pqueue_new();
     d->processed_rcds.q = pqueue_new();
 
index 065ad94..30df2b7 100644 (file)
@@ -145,8 +145,10 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
     size_t rlen, wlen;
     int read_ahead;
     SSL *s;
+    DTLS_RECORD_LAYER *d;
 
     s = rl->s;
+    d = rl->d;
     read_ahead = rl->read_ahead;
     rp = SSL3_BUFFER_get_buf(&rl->rbuf);
     rlen = SSL3_BUFFER_get_len(&rl->rbuf);
@@ -165,6 +167,10 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
     rl->read_ahead = read_ahead;
     rl->rstate = SSL_ST_READ_HEADER;
     rl->s = s;
+    rl->d = d;
+    
+    if(d)
+        DTLS_RECORD_LAYER_clear(rl);
 }
 
 void RECORD_LAYER_release(RECORD_LAYER *rl)
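Review bot: The restored `rl->d = d;` and the `if(d)` guard carry no explanation of why the DTLS pointer has to survive the reset — presumably the reset in the middle of the function (outside this hunk) wipes rl and DTLS_RECORD_LAYER_clear dereferences rl->d, which is exactly the crash the commit title describes — and that reasoning is worth keeping inline: `/* rl->d is owned by the record layer: keep it across the reset and run the DTLS-specific clear only when it exists */`. Stylistically, `if(d)` and the trailing whitespace on the blank line before it depart from the `if (` spacing used elsewhere in this file; `if (d != NULL)` with a clean blank line matches the surrounding code.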