ssl3_free(): Return if it wasn't created
authorPascal Cuoq <cuoq@trust-in-soft.com>
Sun, 22 Nov 2015 23:13:15 +0000 (00:13 +0100)
committerKurt Roeckx <kurt@roeckx.be>
Tue, 24 Nov 2015 20:56:39 +0000 (21:56 +0100)
If somewhere in SSL_new() there is a memory allocation failure, ssl3_free() can
get called with s->s3 still being NULL.

Patch also provided by Willy Tarreau <wtarreau@haproxy.com>

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
(cherry picked from commit 3e7bd2ce0b16f8611298175d6dc7cb35ee06ea6d)

ssl/s3_lib.c

index de917d3..f716d77 100644 (file)
@@ -2955,7 +2955,7 @@ int ssl3_new(SSL *s)
 
 void ssl3_free(SSL *s)
 {
-    if (s == NULL)
+    if (s == NULL || s->s3 == NULL)
         return;
 
 #ifdef TLSEXT_TYPE_opaque_prf_input