diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2018-02-09 17:19:50 +0100 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2018-02-09 19:52:31 +0100 |
commit | ebc20cfa746cb7dec91aff1e241063d785644fe3 (patch) | |
tree | b1b02ad1b14bd91b9dfe305790e876689e39ca90 /ssl | |
parent | c423ecaa7f6d0cc77c4f121c6de7d585439bca8f (diff) | |
download | openssl-ebc20cfa746cb7dec91aff1e241063d785644fe3.tar.gz |
Swap the check in ssl3_write_pending to avoid using
the possibly indeterminate pointer value in wpend_buf.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5305)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/record/rec_layer_s3.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 24e260efbe..fbb7461772 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1115,8 +1115,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, size_t tmpwrit = 0; if ((s->rlayer.wpend_tot > len) - || ((s->rlayer.wpend_buf != buf) && - !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) + || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) + && (s->rlayer.wpend_buf != buf)) || (s->rlayer.wpend_type != type)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); |