Fixed NULL pointer dereference. See PR#3321

author Matt Caswell <matt@openssl.org>

Sun, 11 May 2014 23:38:37 +0000 (00:38 +0100)

committer Matt Caswell <matt@openssl.org>

Sun, 11 May 2014 23:39:43 +0000 (00:39 +0100)
author Matt Caswell <matt@openssl.org>
Sun, 11 May 2014 23:38:37 +0000 (00:38 +0100)
committer Matt Caswell <matt@openssl.org>
Sun, 11 May 2014 23:39:43 +0000 (00:39 +0100)
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c

index 8a23de5f34cbb7b9ddeb77208416a29009cf15cf..d0f3c764a3aa2777a8cc1983d7696fab334e8c50 100644 (file)
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -841,9 +841,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
         SSL3_BUFFER *wb=&(s->s3->wbuf);
         SSL_SESSION *sess;
  
-       if (wb->buf == NULL)
-               if (!ssl3_setup_write_buffer(s))
-                       return -1;
  
         /* first check if there is a SSL3_BUFFER still being written
          * out.  This will happen with non blocking IO */
@@ -859,6 +856,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                 /* if it went, fall through and send more stuff */
                 }
  
+       if (wb->buf == NULL)
+               if (!ssl3_setup_write_buffer(s))
+                       return -1;
+
         if (len == 0 && !create_empty_fragment)
                 return 0;
author	Matt Caswell <matt@openssl.org>
	Sun, 11 May 2014 23:38:37 +0000 (00:38 +0100)
committer	Matt Caswell <matt@openssl.org>
	Sun, 11 May 2014 23:39:43 +0000 (00:39 +0100)