From: Matt Caswell <matt@openssl.org>
Date: Thu, 10 Dec 2020 10:36:23 +0000 (+0000)
Subject: Ensure DTLS free functions can handle NULL
X-Git-Tag: OpenSSL_1_1_1j~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=37d9e3d7fdfbe7713adcdeca55b1303c6ad8dc12;p=thirdparty%2Fopenssl.git

Ensure DTLS free functions can handle NULL

Our free functions should be able to deal with the case where the object
being freed is NULL. This turns out to not be quite the case for DTLS
related objects.

Fixes #13649

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13655)

(cherry picked from commit d0afb30ef3950cacff50ec539e90073b95a276df)
---

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 2a15ee8ad96..8874bed353d 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -142,10 +142,11 @@ void dtls1_free(SSL *s)
 
     ssl3_free(s);
 
-    dtls1_clear_queues(s);
-
-    pqueue_free(s->d1->buffered_messages);
-    pqueue_free(s->d1->sent_messages);
+    if (s->d1 != NULL) {
+        dtls1_clear_queues(s);
+        pqueue_free(s->d1->buffered_messages);
+        pqueue_free(s->d1->sent_messages);
+    }
 
     OPENSSL_free(s->d1);
     s->d1 = NULL;
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index e56c6b95958..d0cb72d7570 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -46,6 +46,9 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
 
 void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
 {
+    if (rl->d == NULL)
+        return;
+
     DTLS_RECORD_LAYER_clear(rl);
     pqueue_free(rl->d->unprocessed_rcds.q);
     pqueue_free(rl->d->processed_rcds.q);