@@ -, +, @@ --- ssl/record/methods/tls_common.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- openssl-3.0.8/ssl/record/ssl3_buffer.c +++ openssl-3.0.8/ssl/record/ssl3_buffer.c @@ -186,5 +186,7 @@ int ssl3_release_read_buffer(SSL *s) OPENSSL_cleanse(b->buf, b->len); OPENSSL_free(b->buf); b->buf = NULL; + s->rlayer.packet = NULL; + s->rlayer.packet_length = 0; return 1; } --- openssl-3.0.8/ssl/record/rec_layer_s3.c +++ openssl-3.0.8/ssl/record/rec_layer_s3.c @@ -238,6 +238,11 @@ int ssl3_read_n(SSL *s, size_t n, size_t s->rlayer.packet_length = 0; /* ... now we can act as if 'extend' was set */ } + if (!ossl_assert(s->rlayer.packet != NULL)) { + /* does not happen */ + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return -1; + } len = s->rlayer.packet_length; pkt = rb->buf + align;