Fix seg fault in dtls1_new

Reviewed-by: N Richard Levitte <levitte@openssl.org>

Fix seg fault in dtls1_new
Reviewed-by: N Richard Levitte <levitte@openssl.org>
5fb6f80c · Matt Caswell · cb2ce7ab · 5fb6f80c · 5fb6f80c · 5fb6f80c
隐藏空白更改
内联并排

Showing with 11 addition and 8 deletion

ssl/d1_lib.c ssl/d1_lib.c +4 -6

ssl/record/d1_pkt.c ssl/record/d1_pkt.c +1 -2

ssl/record/s3_pkt.c ssl/record/s3_pkt.c +6 -0

未找到文件。
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -124,6 +124,10 @@ int dtls1_new(SSL *s)
 {
    DTLS1_STATE *d1;

+    if(!DTLS_RECORD_LAYER_new(&s->rlayer)) {
+        return 0;
+    }
+    
    if (!ssl3_new(s))
        return (0);
    if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) {
@@ -131,12 +135,6 @@ int dtls1_new(SSL *s)
        return (0);
    }
    memset(d1, 0, sizeof *d1);
-    
-    if(!DTLS_RECORD_LAYER_new(&s->rlayer)) {
-        OPENSSL_free(d1);
-        ssl3_free(s);
-        return 0;
-    }

    d1->buffered_messages = pqueue_new();
    d1->sent_messages = pqueue_new();

--- a/ssl/record/d1_pkt.c
+++ b/ssl/record/d1_pkt.c
@@ -133,8 +133,7 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)


    rl->d = d;
-    DTLS_RECORD_LAYER_clear(rl);
-    
+
    d->unprocessed_rcds.q = pqueue_new();
    d->processed_rcds.q = pqueue_new();


--- a/ssl/record/s3_pkt.c
+++ b/ssl/record/s3_pkt.c
@@ -145,8 +145,10 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
    size_t rlen, wlen;
    int read_ahead;
    SSL *s;
+    DTLS_RECORD_LAYER *d;

    s = rl->s;
+    d = rl->d;
    read_ahead = rl->read_ahead;
    rp = SSL3_BUFFER_get_buf(&rl->rbuf);
    rlen = SSL3_BUFFER_get_len(&rl->rbuf);
@@ -165,6 +167,10 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
    rl->read_ahead = read_ahead;
    rl->rstate = SSL_ST_READ_HEADER;
    rl->s = s;
+    rl->d = d;
+    
+    if(d)
+        DTLS_RECORD_LAYER_clear(rl);
 }

 void RECORD_LAYER_release(RECORD_LAYER *rl)