Fix potential NULL pointer dereference in final_maxfragmentlen()

In the final_maxfragmentlen() function, s->session is checked
for NULL after it was dereferenced earlier.
So move this NULL check to the top of the function.

CLA: trivial

Fixes: fa49560451 (Fix handling of max_fragment_length extension for PSK)
Signed-off-by: Andrey Tsygunka <aitsygunka@yandex.ru>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/27272)

(cherry picked from commit 28de1f5004c1083d358e6934552124a201e0251e)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 762c7ac0d4ef40b8a69373e1fbe73dd612d05467..e71a79c7e886bd11727e4f880d88e930d7fef8bd 100644 (file)
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -1759,11 +1759,14 @@ static int final_early_data(SSL_CONNECTION *s, unsigned int context, int sent)
 static int final_maxfragmentlen(SSL_CONNECTION *s, unsigned int context,
                                 int sent)
 {
+    if (s->session == NULL)
+        return 1;
+
     /* MaxFragmentLength defaults to disabled */
     if (s->session->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_UNSPECIFIED)
         s->session->ext.max_fragment_len_mode = TLSEXT_max_fragment_length_DISABLED;
 
-    if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) {
+    if (USE_MAX_FRAGMENT_LENGTH_EXT(s->session)) {
         s->rlayer.rrlmethod->set_max_frag_len(s->rlayer.rrl,
                                               GET_MAX_FRAGMENT_LENGTH(s->session));
         s->rlayer.wrlmethod->set_max_frag_len(s->rlayer.wrl,