From: Pascal Cuoq <cuoq@trust-in-soft.com>
Date: Sun, 22 Nov 2015 23:13:15 +0000 (+0100)
Subject: ssl3_free(): Return if it wasn't created
X-Git-Tag: OpenSSL_1_0_1q~11
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=784934498fac88eaeff106e22bcab44c272e2cc9;p=oweals%2Fopenssl.git

ssl3_free(): Return if it wasn't created

If somewhere in SSL_new() there is a memory allocation failure, ssl3_free() can
get called with s->s3 still being NULL.

Patch also provided by Willy Tarreau <wtarreau@haproxy.com>

Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
(cherry picked from commit 3e7bd2ce0b16f8611298175d6dc7cb35ee06ea6d)
---

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index de917d3f83..f716d77c81 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2955,7 +2955,7 @@ int ssl3_new(SSL *s)
 
 void ssl3_free(SSL *s)
 {
-    if (s == NULL)
+    if (s == NULL || s->s3 == NULL)
         return;
 
 #ifdef TLSEXT_TYPE_opaque_prf_input