Avoid potentially passing NULL arguments
Several call sites were flagged by Coverity because a pointer argument
may potentially be NULL.
In two cases the issue is using a function call as a parameter to
a second function, where the first function may return NULL, while
the second function does not check for the NULL argument value.
The remaining case is where static configuration is mixed with a run-time
decision, which could result in a data buffer argument being NULL.
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 486632e..8e0ec6a 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2628,8 +2628,9 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- if ( mbedtls_ssl_ciphersuite_uses_ec(
- mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ) ) )
+ const mbedtls_ssl_ciphersuite_t *suite =
+ mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
+ if ( suite != NULL && mbedtls_ssl_ciphersuite_uses_ec( suite) )
{
ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen;
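Review bot: When `mbedtls_ssl_ciphersuite_from_id()` returns NULL, the new `suite != NULL &&` condition silently skips the supported-point-formats extension and the rest of the message is written as if nothing were wrong. A negotiated ciphersuite id that does not resolve is an internal inconsistency, and the third hunk of this commit handles a comparable state by returning `MBEDTLS_ERR_SSL_INTERNAL_ERROR`. Assuming the enclosing function, which starts and ends outside this hunk, can return an error code, failing closed would be more consistent: `if( suite == NULL ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` ahead of the `mbedtls_ssl_ciphersuite_uses_ec()` test, or at least a `MBEDTLS_SSL_DEBUG_MSG` so the skipped extension leaves a trace. As a style point, `if (` and `( suite)` do not match the `if( ... )` spacing used on the surrounding lines.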
@@ -2854,7 +2855,14 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) )
+ const mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl );
+ if( private_key == NULL)
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no ECDH private key" ) );
+ return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
+ }
+
+ if( ! mbedtls_pk_can_do( private_key, MBEDTLS_PK_ECKEY ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
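Review bot: The debug text `"got no ECDH private key"` in the new NULL branch describes the wrong condition. That branch fires when `mbedtls_ssl_own_key( ssl )` returns no key at all, whereas ECDH capability is what the following `mbedtls_pk_can_do()` check reports with "server key not ECDH capable". I would change it to `MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key" ) );` so the two log lines separate a missing key from a key of the wrong type. The function body continues outside the hunk; if it calls `mbedtls_ssl_own_key( ssl )` again further down, that call should reuse `private_key` so the pointer that was checked is the one that gets dereferenced. `if( private_key == NULL)` is also missing the space before the closing parenthesis.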
@@ -3233,6 +3241,12 @@
*/
if( md_alg != MBEDTLS_MD_NONE )
{
+ if( dig_signed == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
dig_signed,
dig_signed_len,
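Review bot: The new `dig_signed == NULL` guard has no comment explaining how the pointer can still be NULL once `md_alg != MBEDTLS_MD_NONE`, and the log text `"should never happen"` does not say which invariant broke. The commit message attributes the case to static configuration combined with a run-time decision, so a short comment above the check would record that, for example `/* dig_signed is only set by the key-exchange branches that are compiled in; reject a hash request that arrives without signed parameters */`. That wording is inferred from the commit message and should be confirmed against the code that assigns `dig_signed`, which is outside this hunk. Naming the pointer in the message, `( "dig_signed is NULL" )`, would also make the failure easier to identify in a debug log. Returning `MBEDTLS_ERR_SSL_INTERNAL_ERROR` instead of passing NULL to the hash helper is the right fail-closed choice.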