From d0afb30ef3950cacff50ec539e90073b95a276df Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 10 Dec 2020 10:36:23 +0000
Subject: [PATCH] Ensure DTLS free functions can handle NULL

Our free functions should be able to deal with the case where the object
being freed is NULL. This turns out to not be quite the case for DTLS
related objects.

Fixes #13649

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13655)
---
 ssl/d1_lib.c              | 9 +++++----
 ssl/record/rec_layer_d1.c | 3 +++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index cc41eee976..62c5f26e5d 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -142,10 +142,11 @@ void dtls1_free(SSL *s)
 
     ssl3_free(s);
 
-    dtls1_clear_queues(s);
-
-    pqueue_free(s->d1->buffered_messages);
-    pqueue_free(s->d1->sent_messages);
+    if (s->d1 != NULL) {
+        dtls1_clear_queues(s);
+        pqueue_free(s->d1->buffered_messages);
+        pqueue_free(s->d1->sent_messages);
+    }
 
     OPENSSL_free(s->d1);
     s->d1 = NULL;
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index cc412bae37..10321ce015 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -46,6 +46,9 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
 
 void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
 {
+    if (rl->d == NULL)
+        return;
+
     DTLS_RECORD_LAYER_clear(rl);
     pqueue_free(rl->d->unprocessed_rcds.q);
     pqueue_free(rl->d->processed_rcds.q);