pre_shared_key: add null check on pskcred
authorAlexander Sosedkin <asosedkin@redhat.com>
Thu, 29 Jan 2026 16:38:01 +0000 (17:38 +0100)
committerAlexander Sosedkin <asosedkin@redhat.com>
Mon, 9 Feb 2026 11:59:26 +0000 (12:59 +0100)
Fixes: #1790
Fixes: GNUTLS-SA-2026-02-09-1
Fixes: CVE-2026-1584
Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
NEWS
lib/ext/pre_shared_key.c

diff --git a/NEWS b/NEWS
index c2ac0a254dc420c02f1669fb5f7a90d90f95b026..e506db547a76d8b6f938ae353a5a2ff80399e364 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,13 @@ See the end for copying conditions.
 
 * Version 3.8.12 (unreleased)
 
+** libgnutls: Fix NULL pointer dereference in PSK binder verification
+   A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello
+   could lead to a denial of service attack via crashing the server.
+   The updated code guards against the problematic dereference.
+   Reported by Jaehun Lee.
+   [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584]
+
 ** libgnutls: Fix multiple unexploitable overflows
    Reported by Tim Rühsen (#1783, #1786).
 
index b9ee2e135fff9802cc934513a317264e8ecc2ce4..f641948da0cb67cd79fb3abb4bfe70686d80a43e 100644 (file)
@@ -983,7 +983,8 @@ retry_binder:
                 * even for SHA384 PSKs, so we need to retry with SHA256
                 * to calculate the correct binder value for those.
                 */
-               if (pskcred->binder_algo == NULL && mac == GNUTLS_MAC_SHA384) {
+               if (pskcred && pskcred->binder_algo == NULL &&
+                   mac == GNUTLS_MAC_SHA384) {
                        mac = GNUTLS_MAC_SHA256;
                        _gnutls_free_key_datum(&key);
                        goto retry_binder;
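Review bot: The new `pskcred &&` guard in the retry condition is undocumented: the comment above it still explains only the SHA384-to-SHA256 retry, so a reader cannot tell that `pskcred` may legitimately be NULL on this path or that skipping the retry in that case is intended. I would extend that comment with a line such as `* pskcred may be NULL when no PSK credentials are set (presumably the ticket-resumption path); no retry applies then.` and spell the test `pskcred != NULL` to match the explicit `binder_algo == NULL` comparison next to it. The enclosing function starts and ends outside the hunk, so any other dereference of `pskcred` reachable after `retry_binder:` cannot be checked from here and is worth auditing in the same pass. The file list shows only NEWS and this file, so a regression test covering the invalid-binder resumption case described in NEWS would help keep the guard from being dropped in a later refactor.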