Fixed NULL pointer dereference. See PR#3321
authorMatt Caswell <matt@openssl.org>
Sun, 11 May 2014 23:38:37 +0000 (00:38 +0100)
committerMatt Caswell <matt@openssl.org>
Sun, 11 May 2014 23:43:33 +0000 (00:43 +0100)
ssl/s3_pkt.c

index 40eb0dd347cc3babf2d2aee49a06b5d148c3b1a2..d961d1284014f52a5a19ec737a4b9bdc45114aae 100644 (file)
@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        SSL3_BUFFER *wb=&(s->s3->wbuf);
        SSL_SESSION *sess;
 
-       if (wb->buf == NULL)
-               if (!ssl3_setup_write_buffer(s))
-                       return -1;
 
        /* first check if there is a SSL3_BUFFER still being written
         * out.  This will happen with non blocking IO */
@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                /* if it went, fall through and send more stuff */
                }
 
+       if (wb->buf == NULL)
+               if (!ssl3_setup_write_buffer(s))
+                       return -1;
+
        if (len == 0 && !create_empty_fragment)
                return 0;