diff options
author | agl@chromium.org <agl@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2014-06-09 17:49:19 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2014-06-09 17:49:19 +0000 |
commit | 063a4b93646788bd883fc0cb1b5eafc991ddacc4 (patch) | |
tree | 092083d1a1e54aa6c75663718859844b8c161aa2 /openssl/ssl/s3_pkt.c | |
parent | 91df33371f74906f255df571daa236be67565c4f (diff) | |
download | openssl-063a4b93646788bd883fc0cb1b5eafc991ddacc4.tar.gz |
Pull in more changes from OpenSSL 1.0.1h.
This change includes the following changes from OpenSSL:
a07856a08d7e8d76273e5d05099914aa335da143
"Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362"
725c5f1ad393a7bc344348d0ec7c268aaf2700a7
"Fix use after free."
(Not a problem unless read-ahead is used, which it is not in Chrome)
bcc311668ede6ffdcd6dc5a65454a548b5404fcc
"Free up s->d1->buffered_app_data.q properly. PR#3286"
b107586c0c3447ea22dba8698ebbcd81bb29d48c
"Fixed NULL pointer dereference. See PR#3321"
d0666f289ac013094bbbf547bfbcd616199b7d2d
"evp: prevent underflow in base64 decoding. This patch resolves RT ticket #2608."
a41d5174e27c99d1caefd76a8e927c814ede509e
"Initialize num properly."
8eb094b9460575a328ba04708147c91fc267b394
"Double free in i2o_ECPublicKey. PR: 3338."
9c8dc84ac16a2f21063ae36809d202d0284ecf82
"Fix double frees."
BUG=381169
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@275836 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
Diffstat (limited to 'openssl/ssl/s3_pkt.c')
-rw-r--r-- | openssl/ssl/s3_pkt.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/openssl/ssl/s3_pkt.c b/openssl/ssl/s3_pkt.c index 98d448d..03ed461 100644 --- a/openssl/ssl/s3_pkt.c +++ b/openssl/ssl/s3_pkt.c @@ -641,9 +641,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, SSL3_BUFFER *wb=&(s->s3->wbuf); SSL_SESSION *sess; - if (wb->buf == NULL) - if (!ssl3_setup_write_buffer(s)) - return -1; /* first check if there is a SSL3_BUFFER still being written * out. This will happen with non blocking IO */ @@ -659,6 +656,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* if it went, fall through and send more stuff */ } + if (wb->buf == NULL) + if (!ssl3_setup_write_buffer(s)) + return -1; + if (len == 0 && !create_empty_fragment) return 0; @@ -1060,7 +1061,7 @@ start: { s->rstate=SSL_ST_READ_HEADER; rr->off=0; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) ssl3_release_read_buffer(s); } } |