diff options
author | Matt Caswell <matt@openssl.org> | 2023-08-15 15:33:34 +0100 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2023-08-17 08:06:43 +0100 |
commit | 92e3f43aec553145b4d4cbb4dbd3df9658a05bb4 (patch) | |
tree | afe3149698b098f08ca8064a400a82ea84090a37 /ssl/record | |
parent | e16c0103083af676af8c5564bb21585d4574f992 (diff) |
Don't free the prev BIO prematurely
We shouldn't free the prev BIO in ssl_set_new_record_layer until it is
no longer referenced by s->rlayer.rrlnext.
Found by the reproducible error patch in #21668
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21741)
Diffstat (limited to 'ssl/record')
-rw-r--r-- | ssl/record/rec_layer_s3.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 2f5a611470..16726019f9 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1325,7 +1325,6 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version, next = BIO_new(BIO_s_mem()); if (next == NULL) { - BIO_free(prev); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } |