From 49a4d72f5fec9eadd8b8aff2db054a2794f3debb Mon Sep 17 00:00:00 2001
From: Alex Rousskov
Date: Fri, 22 Apr 2016 22:57:06 -0600
Subject: [PATCH] Be careful with parsed TLS handshake details. They may be missing.

TODO: Convert HandshakeParser::details pointer into an always-available object?
---
 src/client_side.cc | 2 +-
 src/security/NegotiationHistory.cc | 6 ++++--
 src/ssl/PeekingPeerConnector.cc | 5 ++---
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/client_side.cc b/src/client_side.cc
index 917471ed02..5a03e00592 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -3219,7 +3219,7 @@ void ConnStateData::startPeekAndSplice(const bool unsupportedProtocol)
 if (serverBump()) {
 Security::TlsDetails::Pointer const &details = tlsParser.details;
- if (!details->serverName.isEmpty()) {
+ if (details && !details->serverName.isEmpty()) {
 serverBump()->clientSni = details->serverName;
 resetSslCommonName(details->serverName.c_str());
 }
diff --git a/src/security/NegotiationHistory.cc b/src/security/NegotiationHistory.cc
index f3aa2de906..4d5b2b16aa 100644
--- a/src/security/NegotiationHistory.cc
+++ b/src/security/NegotiationHistory.cc
@@ -74,8 +74,10 @@ Security::NegotiationHistory::retrieveNegotiatedInfo(Security::SessionPtr ssl)
 void
 Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer const &details)
 {
- helloVersion_ = details->tlsVersion;
- supportedVersion_ = details->tlsSupportedVersion;
+ if (details) {
+ helloVersion_ = details->tlsVersion;
+ supportedVersion_ = details->tlsSupportedVersion;
+ }
 }
 const char *
diff --git a/src/ssl/PeekingPeerConnector.cc b/src/ssl/PeekingPeerConnector.cc
index 9c33aab57a..f330ae5222 100644
--- a/src/ssl/PeekingPeerConnector.cc
+++ b/src/ssl/PeekingPeerConnector.cc
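Review bot: On the new condition line in startPeekAndSplice(), a null `details` now skips both the clientSni assignment and resetSslCommonName() without leaving any trace, so a bumped connection that ends up with no SNI cannot be told apart in the logs from a client that simply sent none. If this function already emits debug output around the bump decision, a line on the null path would make the "nothing parsed" case diagnosable; at minimum the second meaning of the condition deserves a comment on that line, e.g. `// null details: no parsed ClientHello yet, leave SNI and common name unset`. The same silent fall-through appears in the PeekingPeerConnector hunks at @@ -151 and @@ -173. startPeekAndSplice() begins before and continues after this hunk.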
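Review bot: With a null `details`, retrieveParsedInfo() now returns without touching helloVersion_ or supportedVersion_, so whatever those members held before the call (their initial values, or values from an earlier call if the history object is reused -- the page does not show which) stays in place, and nothing in the function says that this is intended. A one-line comment above the guard would fix that, e.g. `// no parsed hello: keep whatever versions were stored before`. As a matter of style, a guard clause `if (!details) return;` would keep the two assignments at their original indentation and read as a precondition rather than as a nested block.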
@@ -151,7 +151,7 @@ Ssl::PeekingPeerConnector::initializeSsl()
 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
 const Security::TlsDetails::Pointer details = csd->tlsParser.details;
- if (details != NULL && !details->serverName.isEmpty())
+ if (details && !details->serverName.isEmpty())
 hostName = new SBuf(details->serverName);
 if (!hostName) {
@@ -173,8 +173,7 @@ Ssl::PeekingPeerConnector::initializeSsl()
 BIO *bc = SSL_get_rbio(clientSsl);
 Ssl::ClientBio *cltBio = static_cast(bc->ptr);
 Must(cltBio);
- //const Security::TlsDetails::Pointer &details = csd->tlsParser.details;
- if (details->tlsVersion != -1) {
+ if (details && details->tlsVersion != -1) {
 applyTlsDetailsToSSL(ssl, details, csd->sslBumpMode);
 // Should we allow it for all protocols?
 if (details->tlsVersion >= 3) {
--
2.47.2
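Review bot: The `-1` sentinel on the new `if (details && details->tlsVersion != -1)` line at @@ -173, and the `>= 3` threshold two lines below it, are bare numbers whose meaning is documented nowhere near the checks; `-1` presumably means "no ClientHello version was parsed" but the hunk does not say so. A comment above the guard such as `// -1: the handshake parser recorded no ClientHello version -- confirm against TlsDetails` would help, and naming the sentinel in TlsDetails (outside this diff) would remove the duplication. Note that `details` here is the by-value `Pointer` copy made at @@ -151 of the same function, so both new null checks guard the same snapshot taken before the hostName lookup. initializeSsl() continues past both hunks.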