From b86f3c2d93eb7700d5516638d5374023390b256c Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 8 Nov 2018 20:26:45 +0000
Subject: Ensure the handshake transcript is cleaned up.

Add a check at the completion of the client/server handshake to ensure that the handshake transcript has been freed. Fix the case where a server asks the client for a certificate, but it does not have one, resulting in the handshake transcript being left around post-handshake.

ok bcook@ tb@
---
 src/lib/libssl/ssl_srvr.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/lib/libssl/ssl_srvr.c')

diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index e046438cc0..f077140b90 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.48 2018/08/27 17:04:34 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.49 2018/11/08 20:26:45 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -707,6 +707,12 @@ ssl3_accept(SSL *s)
 /* clean a few things up */
 tls1_cleanup_key_block(s);
 
+ if (S3I(s)->handshake_buffer != NULL) {
+ SSLerror(s, ERR_R_INTERNAL_ERROR);
+ ret = -1;
+ goto end;
+ }
+
 if (!SSL_IS_DTLS(s)) {
 BUF_MEM_free(s->internal->init_buf);
 s->internal->init_buf = NULL;
-- 
cgit v1.2.3-55-g6feb
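Review bot: The added `S3I(s)->handshake_buffer != NULL` check in ssl3_accept() has no comment stating the invariant it enforces, so a reader of the post-handshake cleanup cannot tell that a leftover buffer means some handshake path failed to free the transcript. I would put `/* The handshake transcript must have been freed by this point. */` directly above the `if`. The error path also jumps to `end` without releasing the buffer, and it skips the `BUF_MEM_free(s->internal->init_buf)` that follows. Presumably the normal teardown of the SSL frees both, but that is not visible here and is worth confirming, since handshake data would otherwise outlive the failed connection. ssl3_accept() starts and ends outside this hunk.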