From: Norbert Pocs <norbertp@openssl.org>
Date: Fri, 8 Aug 2025 13:17:06 +0000 (+0200)
Subject: quic_channel.c: NULL check SSL_CONNECTION
X-Git-Tag: openssl-3.6.0-alpha1~196
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c5ef06f4abcda15056f9316b3fb4697a0b289d9b;p=thirdparty%2Fopenssl.git

quic_channel.c: NULL check SSL_CONNECTION

Addresses coverity issue #1662037

Fixes: https://github.com/openssl/project/issues/1316

Signed-off-by: Norbert Pocs <norbertp@openssl.org>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28208)
---

diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index 652c653b912..12bda515e60 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -1333,6 +1333,11 @@ static int ch_on_transport_params(const unsigned char *params,
     QUIC_PREFERRED_ADDR pfa;
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(ch->tls);
 
+    if (sc == NULL) {
+        ossl_quic_channel_raise_protocol_error(ch, OSSL_QUIC_ERR_INTERNAL_ERROR, 0,
+                                               "could not get ssl connection");
+        return 0;
+    }
     /*
      * When HRR happens the client sends the transport params in the new client
      * hello again. Reset the transport params here and load them again.