X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fs3_pkt.c;h=330918a78aabfde2e893cf96c30f6a262d2fceae;hp=b4a1629853afbe9eb9a6959800ec95893dd968f7;hb=8aa02e97a782a4229936d5df6da42db3efe4acd1;hpb=8671b898609777c95aedf33743419a523874e6e8

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index b4a1629853..330918a78a 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -238,11 +238,9 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 		if (i <= 0)
 			{
 			rb->left = left;
-#ifndef OPENSSL_NO_RELEASE_BUFFERS
-			if (len+left == 0 &&
-			    (s->mode & SSL_MODE_RELEASE_BUFFERS))
-				ssl3_release_read_buffer(s);
-#endif
+			if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+				if (len+left == 0)
+					ssl3_release_read_buffer(s);
 			return(i);
 			}
 		left+=i;
@@ -414,6 +412,7 @@ printf("\n");
 
 	if (!clear)
 		{
+		/* !clear => s->read_hash != NULL => mac_size != -1 */
 		mac_size=EVP_MD_CTX_size(s->read_hash);
 
 		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
@@ -825,15 +824,20 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
 			{
 			wb->left=0;
 			wb->offset+=i;
-#ifndef OPENSSL_NO_RELEASE_BUFFERS
 			if (s->mode & SSL_MODE_RELEASE_BUFFERS)
 				ssl3_release_write_buffer(s);
-#endif
 			s->rwstate=SSL_NOTHING;
 			return(s->s3->wpend_ret);
 			}
-		else if (i <= 0)
+		else if (i <= 0) {
+			if (s->version == DTLS1_VERSION) {
+				/* For DTLS, just drop it. That's kind of the wh
+ole
+				   point in using a datagram service */
+				wb->left = 0;
+			}
 			return(i);
+		}
 		wb->offset+=i;
 		wb->left-=i;
 		}
@@ -983,10 +987,8 @@ start:
 				{
 				s->rstate=SSL_ST_READ_HEADER;
 				rr->off=0;
-#ifndef OPENSSL_NO_RELEASE_BUFFERS
-				if ((s->mode & SSL_MODE_RELEASE_BUFFERS))
+				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
 					ssl3_release_read_buffer(s);
-#endif
 				}
 			}
 		return(n);
@@ -1308,6 +1310,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
 
 	if (s->s3->tmp.key_block == NULL)
 		{
+		if (s->session == NULL) 
+			{
+			/* might happen if dtls1_read_bytes() calls this */
+			SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
+			return (0);
+			}
+
 		s->session->cipher=s->s3->tmp.new_cipher;
 		if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
 		}