Ensure we properly release DTLS buffered app data records

If we read an app data record before we have read the Finished we buffer
it. Once we've read it we need to make sure we've properly released it
otherwise we will attempt to read it again (and this time there will be
no data in it).

Fixes #27316

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/27543)

(cherry picked from commit d459d00f97959d5003b29f32d52a53208507cda1)
(cherry picked from commit 448815dd26556bf2361783307e9ee22465ec9d6c)

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 9e3d06769a3d9460b6628575503ea1ab8ddca7d6..1fd24582ab49124562cc8d3ce47769942a8cd122 100644 (file)
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -570,6 +570,7 @@ int ssl_release_record(SSL_CONNECTION *s, TLS_RECORD *rr, size_t length)
         /* We allocated the buffers for this record (only happens with DTLS) */
         OPENSSL_free(rr->allocdata);
         rr->allocdata = NULL;
+        s->rlayer.curr_rec++;
     }
     rr->length -= length;
     if (rr->length > 0)