Make sure ssl3_setup_buffers() does not return upon error with a freed

pqueue still chained, by inserting it into the list only after all possible
failure conditions have been avoided.

Reported and fix proposed by David Ramos; ok beck@

1 files changed, 7 insertions, 7 deletions

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index 5d3aaceac6..df18e5bae3 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -247,13 +247,6 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
         }
 #endif
 
-        /* insert should not fail, since duplicates are dropped */
-        if (pqueue_insert(queue->q, item) == NULL) {
-                free(rdata);
-                pitem_free(item);
-                return (0);
-        }
-
         s->packet = NULL;
         s->packet_length = 0;
         memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
@@ -266,6 +259,13 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
                 return (0);
         }
 
+        /* insert should not fail, since duplicates are dropped */
+        if (pqueue_insert(queue->q, item) == NULL) {
+                free(rdata);
+                pitem_free(item);
+                return (0);
+        }
+
         return (1);
 }