Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after...
authorDavid Ramos <daramos@stanford.edu>
Sun, 1 Jun 2014 20:28:41 +0000 (21:28 +0100)
committerMatt Caswell <matt@openssl.org>
Sun, 1 Jun 2014 20:36:25 +0000 (21:36 +0100)
ssl/d1_pkt.c

index aefd85d..40633a8 100644 (file)
@@ -239,14 +239,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
        }
 #endif
 
-       /* insert should not fail, since duplicates are dropped */
-       if (pqueue_insert(queue->q, item) == NULL)
-               {
-               OPENSSL_free(rdata);
-               pitem_free(item);
-               return(0);
-               }
-
        s->packet = NULL;
        s->packet_length = 0;
        memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
@@ -259,7 +251,15 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
                pitem_free(item);
                return(0);
                }
-       
+
+       /* insert should not fail, since duplicates are dropped */
+       if (pqueue_insert(queue->q, item) == NULL)
+               {
+               OPENSSL_free(rdata);
+               pitem_free(item);
+               return(0);
+               }
+
        return(1);
        }