From d2a33efd394f216e04a28a3ce69526dbbec2385a Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 2 May 2025 16:37:32 +0100
Subject: [PATCH] Ensure we properly release DTLS buffered app data records

If we read an app data record before we have read the Finished we buffer
it. Once we've read it we need to make sure we've properly released it
otherwise we will attempt to read it again (and this time there will be
no data in it).

Fixes #27316

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/27543)
---
 ssl/record/rec_layer_s3.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 0930222edb1..270dfcde965 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -572,6 +572,7 @@ int ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr, size_t length)
         /* We allocated the buffers for this record (only happens with DTLS) */
         OPENSSL_free(rr->allocdata);
         rr->allocdata = NULL;
+        s->rlayer.curr_rec++;
     }
     rr->length -= length;
     if (rr->length > 0)
-- 
2.47.3