Fix seg fault in dtls1_new

Reviewed-by: Richard Levitte <levitte@openssl.org>

3 files changed, 11 insertions, 8 deletions

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 6ffbf5fc83..f959942113 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -124,6 +124,10 @@ int dtls1_new(SSL *s)
 {
     DTLS1_STATE *d1;
 
+    if(!DTLS_RECORD_LAYER_new(&s->rlayer)) {
+        return 0;
+    }
+    
     if (!ssl3_new(s))
         return (0);
     if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) {
@@ -131,12 +135,6 @@ int dtls1_new(SSL *s)
         return (0);
     }
     memset(d1, 0, sizeof *d1);
-    
-    if(!DTLS_RECORD_LAYER_new(&s->rlayer)) {
-        OPENSSL_free(d1);
-        ssl3_free(s);
-        return 0;
-    }
 
     d1->buffered_messages = pqueue_new();
     d1->sent_messages = pqueue_new();
diff --git a/ssl/record/d1_pkt.c b/ssl/record/d1_pkt.c
index 5d0adb9c4e..e5a27883a7 100644
--- a/ssl/record/d1_pkt.c
+++ b/ssl/record/d1_pkt.c
@@ -133,8 +133,7 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
 
 
     rl->d = d;
-    DTLS_RECORD_LAYER_clear(rl);
-    
+
     d->unprocessed_rcds.q = pqueue_new();
     d->processed_rcds.q = pqueue_new();
 
diff --git a/ssl/record/s3_pkt.c b/ssl/record/s3_pkt.c
index 065ad94b08..30df2b741a 100644
--- a/ssl/record/s3_pkt.c
+++ b/ssl/record/s3_pkt.c
@@ -145,8 +145,10 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
     size_t rlen, wlen;
     int read_ahead;
     SSL *s;
+    DTLS_RECORD_LAYER *d;
 
     s = rl->s;
+    d = rl->d;
     read_ahead = rl->read_ahead;
     rp = SSL3_BUFFER_get_buf(&rl->rbuf);
     rlen = SSL3_BUFFER_get_len(&rl->rbuf);
@@ -165,6 +167,10 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
     rl->read_ahead = read_ahead;
     rl->rstate = SSL_ST_READ_HEADER;
     rl->s = s;
+    rl->d = d;
+    
+    if(d)
+        DTLS_RECORD_LAYER_clear(rl);
 }
 
 void RECORD_LAYER_release(RECORD_LAYER *rl)