Upstream-Status: Backport Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1093837 CVE-2014-0198: An attacker can trigger generation of an SSL alert which could cause a null pointer dereference. Signed-off-by: Maxin B. John --- diff -Naur openssl-1.0.1g-orig/ssl/s3_pkt.c openssl-1.0.1g/ssl/s3_pkt.c --- openssl-1.0.1g-orig/ssl/s3_pkt.c 2014-03-17 17:14:20.000000000 +0100 +++ openssl-1.0.1g/ssl/s3_pkt.c 2014-05-06 02:32:43.862587660 +0200 @@ -657,6 +657,10 @@ if (i <= 0) return(i); /* if it went, fall through and send more stuff */ + /* we may have released our buffer, so get it again */ + if (wb->buf == NULL) + if (!ssl3_setup_write_buffer(s)) + return -1; } if (len == 0 && !create_empty_fragment)
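Review bot: the two added checks in the `@@ -657,6 +657,10 @@` hunk, `if (wb->buf == NULL)` followed by `if (!ssl3_setup_write_buffer(s))`, are nested without braces, which makes the guard easy to misread and easy to break if an `else` or a further statement is added later. Folding them into one condition, `if (wb->buf == NULL && !ssl3_setup_write_buffer(s)) return -1;`, or bracing the outer `if`, would keep the intent unambiguous. The new comment says the buffer "may have" been released but does not say by what. Since the commit message attributes the NULL dereference to alert generation, the comment should name that path (the call whose result is checked by `if (i <= 0)` just above), so a later reader understands why `wb->buf` can be NULL at this point. The added `return -1;` also differs in style from the `return(i);` in the surrounding context, so match whichever form the file uses.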