From: Andrew Dinh Date: Wed, 19 Feb 2025 06:49:06 +0000 (+0700) Subject: NULL checks for QUIC code X-Git-Tag: openssl-3.5.0-alpha1~138 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3820f2da7cb76ad48b3078d9e705176088a04c99;p=thirdparty%2Fopenssl.git NULL checks for QUIC code Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643033 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643032 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643031 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643030 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643029 Reviewed-by: Saša Nedvědický Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/26825)
---
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 4288788d422..b1088027345 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -4586,7 +4586,11 @@ SSL *ossl_quic_accept_connection(SSL *ssl, uint64_t flags)
 * we just need to extract it
 */
 conn_ssl = ossl_quic_channel_get0_tls(new_ch);
+ if (conn_ssl == NULL)
+ goto out;
 conn_ssl = SSL_CONNECTION_GET_USER_SSL(SSL_CONNECTION_FROM_SSL(conn_ssl));
+ if (conn_ssl == NULL)
+ goto out;
 qc = (QUIC_CONNECTION *)conn_ssl;
 qc->listener = ctx.ql;
 qc->pending = 0;
diff --git a/ssl/quic/quic_tls.c b/ssl/quic/quic_tls.c
index 03acbd10778..6d524d73ee8 100644
--- a/ssl/quic/quic_tls.c
+++ b/ssl/quic/quic_tls.c
@@ -770,9 +770,13 @@ int ossl_quic_tls_tick(QUIC_TLS *qtls)
 if (!qtls->configured) {
 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);
- SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(sc);
+ SSL_CTX *sctx;
 BIO *nullbio;
+ if (sc == NULL)
+ return RAISE_INTERNAL_ERROR(qtls);
+ sctx = SSL_CONNECTION_GET_CTX(sc);
+
 /*
 * No matter how the user has configured us, there are certain
 * requirements for QUIC-TLS that we enforce
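Review bot: In the `ossl_quic_accept_connection` hunk of ssl/quic/quic_impl.c the result of `SSL_CONNECTION_FROM_SSL(conn_ssl)` is still passed straight into `SSL_CONNECTION_GET_USER_SSL(...)`, so the second added check only tests the value after that access has already happened. The quic_tls.c hunk of this same commit moves `SSL_CONNECTION_GET_CTX(sc)` behind an `sc == NULL` check, which suggests these accessor macros dereference their argument; if `SSL_CONNECTION_GET_USER_SSL` does too, a NULL from `SSL_CONNECTION_FROM_SSL` would still be dereferenced here. Splitting the statement closes that gap: `sc = SSL_CONNECTION_FROM_SSL(conn_ssl);`, `if (sc == NULL) goto out;`, `conn_ssl = SSL_CONNECTION_GET_USER_SSL(sc);`, using a local `SSL_CONNECTION *sc`. The function's declarations and the `out` label are outside the hunk, so what `out` returns on these new failure paths (at the suggested check `conn_ssl` is still non-NULL) and whether `new_ch` is released there should be confirmed against the full function.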
@@ -887,6 +891,9 @@ int ossl_quic_tls_is_cert_request(QUIC_TLS *qtls)
 {
 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);
+ if (sc == NULL)
+ return 0;
+
 return sc->s3.tmp.message_type == SSL3_MT_CERTIFICATE_REQUEST;
 }
diff --git a/ssl/quic/quic_tls_api.c b/ssl/quic/quic_tls_api.c
index 17580b62df9..4ba9f934c16 100644
--- a/ssl/quic/quic_tls_api.c
+++ b/ssl/quic/quic_tls_api.c
@@ -179,6 +179,9 @@ int SSL_set_quic_tls_transport_params(SSL *s,
 {
 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+ if (sc == NULL)
+ return 0;
+
 if (sc->qtls == NULL) {
 ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 return 0;
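Review bot: The added `return 0;` in `ossl_quic_tls_is_cert_request` makes a missing connection object indistinguishable from "no certificate request", whereas `ossl_quic_tls_tick` in the same file reports the same condition through `RAISE_INTERNAL_ERROR(qtls)`. A comment on the check would make that choice explicit, for example `/* Not a connection object: report "no certificate request" */`. The same silent `return 0;` is added to `SSL_set_quic_tls_transport_params` in ssl/quic/quic_tls_api.c, where the very next failure path does raise an error; for a public entry point an error-queue entry lets callers diagnose the failure, e.g. `ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);` before the return. That function's signature begins before the hunk and its body continues past it.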