Fixed NULL pointer dereference. See PR#3321

author: Matt Caswell <matt@openssl.org> 2014-05-12 01:38:37 +0200
committer: Matt Caswell <matt@openssl.org> 2014-05-12 01:38:37 +0200
commit: 7b06ac7593cf4cecfc2510989ed504d808a130b5 (patch)
tree: 7c607f1d3fc97f8e821cb567679c49058619cfdf /ssl
parent: Set authkey to NULL and check malloc return value. (diff)
download: openssl-7b06ac7593cf4cecfc2510989ed504d808a130b5.tar.xz
openssl-7b06ac7593cf4cecfc2510989ed504d808a130b5.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index ad9dc5154a..5efc03e5ec 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -880,9 +880,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 	SSL3_BUFFER *wb=&(s->s3->wbuf);
 	SSL_SESSION *sess;
 
- 	if (wb->buf == NULL)
-		if (!ssl3_setup_write_buffer(s))
-			return -1;
 
 	/* first check if there is a SSL3_BUFFER still being written
 	 * out.  This will happen with non blocking IO */
@@ -898,6 +895,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 		/* if it went, fall through and send more stuff */
 		}
 
+ 	if (wb->buf == NULL)
+		if (!ssl3_setup_write_buffer(s))
+			return -1;
+
 	if (len == 0 && !create_empty_fragment)
 		return 0;
author	Matt Caswell <matt@openssl.org>	2014-05-12 01:38:37 +0200
committer	Matt Caswell <matt@openssl.org>	2014-05-12 01:38:37 +0200
commit	7b06ac7593cf4cecfc2510989ed504d808a130b5 (patch)
tree	7c607f1d3fc97f8e821cb567679c49058619cfdf /ssl
parent	Set authkey to NULL and check malloc return value. (diff)
download	openssl-7b06ac7593cf4cecfc2510989ed504d808a130b5.tar.xz openssl-7b06ac7593cf4cecfc2510989ed504d808a130b5.zip