From: Matt Caswell <matt@openssl.org>
Date: Thu, 10 Dec 2020 10:36:23 +0000 (+0000)
Subject: Ensure DTLS free functions can handle NULL
X-Git-Tag: openssl-3.0.0-alpha11~160
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d0afb30ef3950cacff50ec539e90073b95a276df;p=thirdparty%2Fopenssl.git

Ensure DTLS free functions can handle NULL

Our free functions should be able to deal with the case where the object
being freed is NULL. This turns out to not be quite the case for DTLS
related objects.

Fixes #13649

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13655)
---

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index cc41eee9762..62c5f26e5d1 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -142,10 +142,11 @@ void dtls1_free(SSL *s)
 
     ssl3_free(s);
 
-    dtls1_clear_queues(s);
-
-    pqueue_free(s->d1->buffered_messages);
-    pqueue_free(s->d1->sent_messages);
+    if (s->d1 != NULL) {
+        dtls1_clear_queues(s);
+        pqueue_free(s->d1->buffered_messages);
+        pqueue_free(s->d1->sent_messages);
+    }
 
     OPENSSL_free(s->d1);
     s->d1 = NULL;
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index cc412bae375..10321ce0159 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -46,6 +46,9 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
 
 void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
 {
+    if (rl->d == NULL)
+        return;
+
     DTLS_RECORD_LAYER_clear(rl);
     pqueue_free(rl->d->unprocessed_rcds.q);
     pqueue_free(rl->d->processed_rcds.q);