Fix use-after-free in BIO_C_SET_SSL callback

[openssl.git] / ssl / bio_ssl.c

diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index d1876d8b8c1f4a37586641625e99b791adedd17a..ca364fd14fd56336e3c8a823b0bea8404cf3d89d 100644 (file)
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -1,7 +1,7 @@
 /*
  * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Licensed under the OpenSSL license (the "License").  You may not use
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
@@ -14,7 +14,7 @@
 #include <openssl/crypto.h>
 #include "internal/bio.h"
 #include <openssl/err.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 
 static int ssl_write(BIO *h, const char *buf, size_t size, size_t *written);
 static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes);
@@ -284,6 +284,7 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
             ssl_free(b);
             if (!ssl_new(b))
                 return 0;
+            bs = BIO_get_data(b);
         }
         BIO_set_shutdown(b, num);
         ssl = (SSL *)ptr;