]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9688973)
QUIC NULL checks
authorAndrew Dinh <andrewd@openssl.org>
Wed, 26 Feb 2025 14:30:18 +0000 (21:30 +0700)
committerNeil Horman <nhorman@openssl.org>
Thu, 27 Feb 2025 15:23:38 +0000 (10:23 -0500)
- Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643029
- Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643030
- Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643141

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26916)

ssl/quic/quic_impl.c patch | blob | blame | history
ssl/quic/quic_tls.c patch | blob | blame | history

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 3bf8b357bd7d02e0eb5582c6f48fc048a269bb6d..19c7c89e8c74227daf27f7720422fab1c474887b 100644 (file)
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -4543,6 +4543,7 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
     int ret;
     QCTX ctx;
     SSL *conn_ssl = NULL;
+    SSL_CONNECTION *conn = NULL;
     QUIC_CHANNEL *new_ch = NULL;
     QUIC_CONNECTION *qc;
     int no_block = ((flags & SSL_ACCEPT_CONNECTION_NO_BLOCK) != 0);
@@ -4578,8 +4579,6 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
         ossl_quic_reactor_tick(ossl_quic_engine_get0_reactor(ctx.ql->engine), 0);
 
         new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
-        if (new_ch == NULL)
-            goto out;
     }
 
     /*
@@ -4587,11 +4586,10 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
      * created channel, so once we pop the new channel from the port above
      * we just need to extract it
      */
-    conn_ssl = ossl_quic_channel_get0_tls(new_ch);
-    if (conn_ssl == NULL)
-        goto out;
-    conn_ssl = SSL_CONNECTION_GET_USER_SSL(SSL_CONNECTION_FROM_SSL(conn_ssl));
-    if (conn_ssl == NULL)
+    if (new_ch == NULL
+        || (conn_ssl = ossl_quic_channel_get0_tls(new_ch)) == NULL
+        || (conn = SSL_CONNECTION_FROM_SSL(conn_ssl)) == NULL
+        || (conn_ssl = SSL_CONNECTION_GET_USER_SSL(conn)) == NULL)
         goto out;
     qc = (QUIC_CONNECTION *)conn_ssl;
     qc->listener = ctx.ql;
diff --git a/ssl/quic/quic_tls.c b/ssl/quic/quic_tls.c
index ef0e3a3d5539a58c7743f84e80be2667a0eb9e04..78763660d0bdfeffd59b3a0d19ad02371599052e 100644 (file)
--- a/ssl/quic/quic_tls.c
+++ b/ssl/quic/quic_tls.c
@@ -917,7 +917,7 @@ int ossl_quic_tls_set_early_data_enabled(QUIC_TLS *qtls, int enabled)
 {
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);
 
-    if (!SSL_IS_QUIC_HANDSHAKE(sc) || !SSL_in_before(qtls->args.s))
+    if (sc == NULL || !SSL_IS_QUIC_HANDSHAKE(sc) || !SSL_in_before(qtls->args.s))
         return 0;
 
     if (!enabled) {
Mirror of https://github.com/openssl/openssl.git