The branch OpenSSL_1_1_0-stable has been updated via 5a91d3888832d96400630e76a15121ead56aeeec (commit) from 622ddb57798bb5c895b0fe40e3fd89fdb4cdbc65 (commit)
- Log ----------------------------------------------------------------- commit 5a91d3888832d96400630e76a15121ead56aeeec Author: Bernd Edlinger <bernd.edlin...@hotmail.de> Date: Fri Feb 9 18:09:59 2018 +0100 Swap the check in ssl3_write_pending to avoid using the possibly indeterminate pointer value in wpend_buf. Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5307) ----------------------------------------------------------------------- Summary of changes: ssl/record/rec_layer_s3.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 3a0ed74..3cfefb3 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -894,10 +894,9 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, SSL3_BUFFER *wb = s->rlayer.wbuf; unsigned int currbuf = 0; -/* XXXX */ if ((s->rlayer.wpend_tot > (int)len) - || ((s->rlayer.wpend_buf != buf) && - !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) + || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER) + && (s->rlayer.wpend_buf != buf)) || (s->rlayer.wpend_type != type)) { SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY); return (-1); _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits