NULL checks for QUIC code
authorAndrew Dinh <andrewd@openssl.org>
Wed, 19 Feb 2025 06:49:06 +0000 (13:49 +0700)
committerNeil Horman <nhorman@openssl.org>
Thu, 20 Feb 2025 13:13:02 +0000 (08:13 -0500)
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643033
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643032
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643031
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643030
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643029

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26825)

ssl/quic/quic_impl.c
ssl/quic/quic_tls.c
ssl/quic/quic_tls_api.c

index 4288788d4220dc530421cef9771f0f97085a752c..b108802734516003a49a86de53b524bee79dc19e 100644 (file)
@@ -4586,7 +4586,11 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
      * we just need to extract it
      */
     conn_ssl = ossl_quic_channel_get0_tls(new_ch);
+    if (conn_ssl == NULL)
+        goto out;
     conn_ssl = SSL_CONNECTION_GET_USER_SSL(SSL_CONNECTION_FROM_SSL(conn_ssl));
+    if (conn_ssl == NULL)
+        goto out;
     qc = (QUIC_CONNECTION *)conn_ssl;
     qc->listener = ctx.ql;
     qc->pending = 0;
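Review bot: The second added check comes too late to protect the nested call between the two guards, where `SSL_CONNECTION_FROM_SSL(conn_ssl)` is passed straight into `SSL_CONNECTION_GET_USER_SSL(...)`. The other hunks in this commit treat a NULL result from SSL_CONNECTION_FROM_SSL as possible, so if SSL_CONNECTION_GET_USER_SSL reads a field of its argument (its definition is not visible here), that NULL is dereferenced before `conn_ssl == NULL` is tested. Splitting the expression closes the gap: `sc = SSL_CONNECTION_FROM_SSL(conn_ssl);`, `if (sc == NULL) goto out;`, `conn_ssl = SSL_CONNECTION_GET_USER_SSL(sc);`. The `out` label and the rest of the function are outside the hunk, so it is worth confirming that the early exits neither return a non-NULL conn_ssl nor leave new_ch unreleased.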
index 03acbd107784754fa683a458492654bdb13bb103..6d524d73ee85b7a93c72db4e5d413a45a556dabb 100644 (file)
@@ -770,9 +770,13 @@ int ossl_quic_tls_tick(QUIC_TLS *qtls)
 
     if (!qtls->configured) {
         SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);
-        SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(sc);
+        SSL_CTX *sctx;
         BIO *nullbio;
 
+        if (sc == NULL)
+            return RAISE_INTERNAL_ERROR(qtls);
+        sctx = SSL_CONNECTION_GET_CTX(sc);
+
         /*
          * No matter how the user has configured us, there are certain
          * requirements for QUIC-TLS that we enforce
@@ -887,6 +891,9 @@ int ossl_quic_tls_is_cert_request(QUIC_TLS *qtls)
 {
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);
 
+    if (sc == NULL)
+        return 0;
+
     return sc->s3.tmp.message_type == SSL3_MT_CERTIFICATE_REQUEST;
 }
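Review bot: The new `return 0` in ossl_quic_tls_is_cert_request reports a missing SSL_CONNECTION as "no CertificateRequest pending" and visibly raises no error, whereas ossl_quic_tls_tick in the same file handles the same condition with `return RAISE_INTERNAL_ERROR(qtls);`. The guard added to SSL_set_quic_tls_transport_params in ssl/quic/quic_tls_api.c has the same shape and sits directly above a branch that does call ERR_raise, so a caller passing an unsuitable SSL gets a bare failure with no diagnostic. I would raise an error before returning in both places, for example `ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);` in the public setter. At minimum, add a comment here noting that 0 also covers the invalid-object case.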
 
index 17580b62df909029f934610a2b62ee8f06e7f02f..4ba9f934c16f1688a4a4cbb4e637ebceeb2dbe31 100644 (file)
@@ -179,6 +179,9 @@ int SSL_set_quic_tls_transport_params(SSL *s,
 {
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
 
+    if (sc == NULL)
+        return 0;
+
     if (sc->qtls == NULL) {
         ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
         return 0;