Swap the check in ssl3_write_pending to avoid using

the possibly indeterminate pointer value in wpend_buf. Reviewed-by: N Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5305)

Swap the check in ssl3_write_pending to avoid using
the possibly indeterminate pointer value in wpend_buf. Reviewed-by: N Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5305)
ebc20cfa · Bernd Edlinger · c423ecaa · ebc20cfa
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

ssl/record/rec_layer_s3.c ssl/record/rec_layer_s3.c +2 -2

未找到文件。
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1115,8 +1115,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
    size_t tmpwrit = 0;

    if ((s->rlayer.wpend_tot > len)
-        || ((s->rlayer.wpend_buf != buf) &&
-            !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
+        || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
+            && (s->rlayer.wpend_buf != buf))
        || (s->rlayer.wpend_type != type)) {
        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING,
                 SSL_R_BAD_WRITE_RETRY);