From: Matt Caswell <matt@openssl.org>
Date: Wed, 27 Jul 2022 13:52:13 +0000 (+0100)
Subject: Ensure the rrl object is set to NULL after it is freed
X-Git-Tag: openssl-3.2.0-alpha1~2197
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efc84eacb7a500306c7cb55e4e2d707dfd9d1ac1;p=thirdparty%2Fopenssl.git

Ensure the rrl object is set to NULL after it is freed

Once we free the rrl object we should NULL it to prevent a dangling ref
to it. Otherwise we could get a double free.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
---

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 807cc43c15d..c187141ee98 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1774,6 +1774,7 @@ int ssl_set_new_record_layer(SSL_CONNECTION *s, int version,
         return 0;
     }
 
+    s->rlayer.rrl = NULL;
     if (meth != NULL)
         s->rlayer.rrlmethod = meth;