Various NULL checks
authorAndrew Dinh <andrewd@openssl.org>
Thu, 20 Feb 2025 05:24:00 +0000 (12:24 +0700)
committerNeil Horman <nhorman@openssl.org>
Fri, 21 Feb 2025 20:07:27 +0000 (15:07 -0500)
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643035
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643039
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643041
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643044
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643045
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643046

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26840)

ssl/quic/quic_impl.c
ssl/quic/quic_port.c
ssl/quic/quic_tls.c
ssl/ssl_cert_comp.c
ssl/ssl_lib.c

index b108802734516003a49a86de53b524bee79dc19e..c00cc7305cdadadce3158430337005de3085a8e5 100644 (file)
@@ -999,15 +999,17 @@ static uint64_t quic_mask_or_options(SSL *ssl, uint64_t mask_value, uint64_t or_
               & OSSL_QUIC_PERMITTED_OPTIONS;
     }
 
+    ret = ctx.qc->default_ssl_options;
     if (ctx.xso != NULL) {
         ctx.xso->ssl_options
             = ((ctx.xso->ssl_options & ~mask_value) | or_value)
             & OSSL_QUIC_PERMITTED_OPTIONS_STREAM;
 
         xso_update_options(ctx.xso);
-    }
 
-    ret = ctx.is_stream ? ctx.xso->ssl_options : ctx.qc->default_ssl_options;
+        if (ctx.is_stream)
+            ret = ctx.xso->ssl_options;
+    }
 
     qctx_unlock(&ctx);
     return ret;
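Review bot: The new fallback in quic_mask_or_options is undocumented: when `ctx.is_stream` is set but `ctx.xso` is NULL, the function now returns the connection's `default_ssl_options` instead of dereferencing a NULL stream. Such a caller gets a plausible-looking mask that does not describe the stream it asked about. Whether that combination is reachable is not visible here, since the code that fills `ctx` is outside the hunk. I would add a comment above the new assignment, for example `/* Default to the connection options; overridden below only if a stream object is attached. */`. If the state is meant to be impossible, say so in that comment so the silent fallback is not mistaken for supported behaviour.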
index a56d119a12c005e5a0f3474c4f735445034f1ca7..ce5d6b30e84bf56b96acb6d93c67cab23f1fc75c 100644 (file)
@@ -593,6 +593,7 @@ void ossl_quic_port_drop_incoming(QUIC_PORT *port)
     QUIC_CHANNEL *ch;
     SSL *tls;
     SSL *user_ssl;
+    SSL_CONNECTION *sc;
 
     for (;;) {
         ch = ossl_quic_port_pop_incoming(port);
@@ -608,7 +609,11 @@ void ossl_quic_port_drop_incoming(QUIC_PORT *port)
          * which sends us through ossl_quic_free, which then drops the actual
          * ch->tls ref and frees the channel
          */
-        user_ssl = SSL_CONNECTION_GET_USER_SSL(SSL_CONNECTION_FROM_SSL(tls));
+        sc = SSL_CONNECTION_FROM_SSL(tls);
+        if (sc == NULL)
+            break;
+
+        user_ssl = SSL_CONNECTION_GET_USER_SSL(sc);
         if (user_ssl == tls) {
             ossl_quic_channel_free(ch);
             SSL_free(tls);
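Review bot: The `break` taken when `sc == NULL` leaks the channel that `ossl_quic_port_pop_incoming()` just returned: `ch` is neither freed nor put back, and any channels still queued behind it are never dropped. The NULL dereference is gone, but the cost is a leak on the teardown path. Consider releasing the channel and carrying on with the drain, e.g. `if (sc == NULL) { ossl_quic_channel_free(ch); continue; }`. Whether `tls` needs a separate release in that case depends on how the channel owns it, which is not visible in this hunk. The loop body and the rest of ossl_quic_port_drop_incoming extend beyond the lines shown.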
index 546d09d46b42079a4dbfa1219367d5718c007ed6..ef0e3a3d5539a58c7743f84e80be2667a0eb9e04 100644 (file)
@@ -712,7 +712,7 @@ int ossl_quic_tls_configure(QUIC_TLS *qtls)
 {
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);
 
-    if (!SSL_set_min_proto_version(qtls->args.s, TLS1_3_VERSION))
+    if (sc == NULL || !SSL_set_min_proto_version(qtls->args.s, TLS1_3_VERSION))
         return RAISE_INTERNAL_ERROR(qtls);
 
     SSL_clear_options(qtls->args.s, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
index 010e03a702d4f8b3de2f4390f15c3d8c990d5709..e5950dc08ac33372b07912eb47b44cda2d70cadd 100644 (file)
@@ -414,6 +414,9 @@ size_t SSL_get1_compressed_cert(SSL *ssl, int alg, unsigned char **data, size_t
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ssl);
     CERT_PKEY *cpk = NULL;
 
+    if (sc == NULL)
+        return 0;
+
     if (sc->cert != NULL)
         cpk = sc->cert->key;
     else
index 5d01b1d3941700b5490fe0cedece1587afbd65a0..28bac483b823e420fba22c0338b0c517429b1374 100644 (file)
@@ -8267,7 +8267,7 @@ int SSL_get0_client_cert_type(const SSL *s, unsigned char **t, size_t *len)
 {
     const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
 
-    if (t == NULL || len == NULL)
+    if (t == NULL || len == NULL || sc == NULL)
         return 0;
 
     *t = sc->client_cert_type;
@@ -8279,7 +8279,7 @@ int SSL_get0_server_cert_type(const SSL *s, unsigned char **t, size_t *len)
 {
     const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
 
-    if (t == NULL || len == NULL)
+    if (t == NULL || len == NULL || sc == NULL)
         return 0;
 
     *t = sc->server_cert_type;