From: Andrew Dinh <andrewd@openssl.org>
Date: Wed, 26 Feb 2025 14:30:18 +0000 (+0700)
Subject: QUIC NULL checks
X-Git-Tag: openssl-3.5.0-alpha1~49
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=442f1958e8f2c4f35a29a2e921e29aee1ceeccb3;p=thirdparty%2Fopenssl.git

QUIC NULL checks

- Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643029
- Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643030
- Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643141

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26916)
---

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 3bf8b357bd7..19c7c89e8c7 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -4543,6 +4543,7 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
     int ret;
     QCTX ctx;
     SSL *conn_ssl = NULL;
+    SSL_CONNECTION *conn = NULL;
     QUIC_CHANNEL *new_ch = NULL;
     QUIC_CONNECTION *qc;
     int no_block = ((flags & SSL_ACCEPT_CONNECTION_NO_BLOCK) != 0);
@@ -4578,8 +4579,6 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
         ossl_quic_reactor_tick(ossl_quic_engine_get0_reactor(ctx.ql->engine), 0);
 
         new_ch = ossl_quic_port_pop_incoming(ctx.ql->port);
-        if (new_ch == NULL)
-            goto out;
     }
 
     /*
@@ -4587,11 +4586,10 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
      * created channel, so once we pop the new channel from the port above
      * we just need to extract it
      */
-    conn_ssl = ossl_quic_channel_get0_tls(new_ch);
-    if (conn_ssl == NULL)
-        goto out;
-    conn_ssl = SSL_CONNECTION_GET_USER_SSL(SSL_CONNECTION_FROM_SSL(conn_ssl));
-    if (conn_ssl == NULL)
+    if (new_ch == NULL
+        || (conn_ssl = ossl_quic_channel_get0_tls(new_ch)) == NULL
+        || (conn = SSL_CONNECTION_FROM_SSL(conn_ssl)) == NULL
+        || (conn_ssl = SSL_CONNECTION_GET_USER_SSL(conn)) == NULL)
         goto out;
     qc = (QUIC_CONNECTION *)conn_ssl;
     qc->listener = ctx.ql;
diff --git a/ssl/quic/quic_tls.c b/ssl/quic/quic_tls.c
index ef0e3a3d553..78763660d0b 100644
--- a/ssl/quic/quic_tls.c
+++ b/ssl/quic/quic_tls.c
@@ -917,7 +917,7 @@ int ossl_quic_tls_set_early_data_enabled(QUIC_TLS *qtls, int enabled)
 {
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);
 
-    if (!SSL_IS_QUIC_HANDSHAKE(sc) || !SSL_in_before(qtls->args.s))
+    if (sc == NULL || !SSL_IS_QUIC_HANDSHAKE(sc) || !SSL_in_before(qtls->args.s))
         return 0;
 
     if (!enabled) {