From: David Ramos <daramos@stanford.edu>
Date: Sun, 1 Jun 2014 20:28:41 +0000 (+0100)
Subject: Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after... 
X-Git-Tag: master-post-reformat~749
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d1e1aeef8f434fa3caf5e27faf82ec629b794f3a;p=oweals%2Fopenssl.git

Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362
---

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index aefd85d0c3..40633a8705 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -239,14 +239,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 	}
 #endif
 
-	/* insert should not fail, since duplicates are dropped */
-	if (pqueue_insert(queue->q, item) == NULL)
-		{
-		OPENSSL_free(rdata);
-		pitem_free(item);
-		return(0);
-		}
-
 	s->packet = NULL;
 	s->packet_length = 0;
 	memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
@@ -259,7 +251,15 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 		pitem_free(item);
 		return(0);
 		}
-	
+
+	/* insert should not fail, since duplicates are dropped */
+	if (pqueue_insert(queue->q, item) == NULL)
+		{
+		OPENSSL_free(rdata);
+		pitem_free(item);
+		return(0);
+		}
+
 	return(1);
 	}