From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri, 9 Feb 2018 18:31:36 +0000 (+0100)
Subject: Swap the check in ssl3_write_pending to avoid using
X-Git-Tag: OpenSSL_1_0_2o~35
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=575c69f97ca7c8cfaf2a448272f7a1615308acdd;p=openssl

Swap the check in ssl3_write_pending to avoid using
the possibly indeterminate pointer value in wpend_buf.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5309)
---

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index d74a91d668..c79a5077d9 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1096,10 +1096,9 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
     int i;
     SSL3_BUFFER *wb = &(s->s3->wbuf);
 
-/* XXXX */
     if ((s->s3->wpend_tot > (int)len)
-        || ((s->s3->wpend_buf != buf) &&
-            !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
+        || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
+            && (s->s3->wpend_buf != buf))
         || (s->s3->wpend_type != type)) {
         SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
         return (-1);