Be careful with parsed TLS handshake details. They may be missing.
authorAlex Rousskov <rousskov@measurement-factory.com>
Sat, 23 Apr 2016 04:57:06 +0000 (22:57 -0600)
committerAlex Rousskov <rousskov@measurement-factory.com>
Sat, 23 Apr 2016 04:57:06 +0000 (22:57 -0600)
TODO: Convert HandshakeParser::details pointer into an always-available
object?

src/client_side.cc
src/security/NegotiationHistory.cc
src/ssl/PeekingPeerConnector.cc

index 917471ed02291cad4692f2767f470cb1fa4f82a1..5a03e00592b345dce4f3b29ccf425c87e9fa29e5 100644 (file)
@@ -3219,7 +3219,7 @@ void ConnStateData::startPeekAndSplice(const bool unsupportedProtocol)
 
     if (serverBump()) {
         Security::TlsDetails::Pointer const &details = tlsParser.details;
-        if (!details->serverName.isEmpty()) {
+        if (details && !details->serverName.isEmpty()) {
             serverBump()->clientSni = details->serverName;
             resetSslCommonName(details->serverName.c_str());
         }
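Review bot: The new guard on the `if (details && ...)` line makes a missing handshake parse silently leave serverBump()->clientSni unset and skip resetSslCommonName(), with nothing in the log to show that SNI was unavailable for this bump. A verbose-level diagnostic branch would make that case visible when certificate mimicking misbehaves, e.g. `} else if (!details) { debugs(33, 5, "no parsed TLS details; client SNI unavailable"); }`, using whatever debug section this file already uses. I cannot see from this hunk what consumers of clientSni do with an empty value, so whether skipping is the right fallback is for you to confirm. startPeekAndSplice() begins before and continues after this hunk.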
index f3aa2de906b163579e32479c98df7b035606114b..4d5b2b16aab4682a6e53a874a50aa80efdb50fa3 100644 (file)
@@ -74,8 +74,10 @@ Security::NegotiationHistory::retrieveNegotiatedInfo(Security::SessionPtr ssl)
 void
 Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
 {
-    helloVersion_ = details->tlsVersion;
-    supportedVersion_ = details->tlsSupportedVersion;
+    if (details) {
+        helloVersion_ = details->tlsVersion;
+        supportedVersion_ = details->tlsSupportedVersion;
+    }
 }
 
 const char *
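Review bot: retrieveParsedInfo() now leaves helloVersion_ and supportedVersion_ untouched when details is null, but the function does not say whether "untouched" means "still unset" or "stale from an earlier call", and a reader cannot tell without the class header. A guard clause with a comment would state the contract in place of the wrapping block: `if (!details) return; // nothing parsed (e.g. no client hello seen): keep the current values`. The members' initial values are outside this hunk, so confirm they start at the same sentinel the rest of the class treats as "unknown" before relying on this.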
index 9c33aab57a575a771cdd54befeaad94a27b5dfb5..f330ae5222398c9d209fee62c4eb2bd7b2f52de5 100644 (file)
@@ -151,7 +151,7 @@ Ssl::PeekingPeerConnector::initializeSsl()
         SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
 
         const Security::TlsDetails::Pointer details = csd->tlsParser.details;
-        if (details != NULL && !details->serverName.isEmpty())
+        if (details && !details->serverName.isEmpty())
             hostName = new SBuf(details->serverName);
 
         if (!hostName) {
@@ -173,8 +173,7 @@ Ssl::PeekingPeerConnector::initializeSsl()
             BIO *bc = SSL_get_rbio(clientSsl);
             Ssl::ClientBio *cltBio = static_cast<Ssl::ClientBio *>(bc->ptr);
             Must(cltBio);
-            //const Security::TlsDetails::Pointer &details = csd->tlsParser.details;
-            if (details->tlsVersion != -1) {
+            if (details && details->tlsVersion != -1) {
                 applyTlsDetailsToSSL(ssl, details, csd->sslBumpMode);
                 // Should we allow it for all protocols?
                 if (details->tlsVersion >= 3) {
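Review bot: With the added null check on `if (details && details->tlsVersion != -1)`, a missing details object silently skips applyTlsDetailsToSSL(), so the server-side SSL object is set up without whatever client-hello mimicking that call presumably performs for the current sslBumpMode, and nothing records that this happened. Because that can make the origin see a different handshake than the client offered, I would at least log it, e.g. `} else { debugs(83, 3, "no parsed client TLS details; not mimicking the client hello"); }` after the block, and decide whether the caller should be able to refuse bumping in that state. Whether an unmimicked handshake is acceptable here depends on bump-mode handling I cannot see; the enclosing if and initializeSsl() continue past this hunk.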