Prevent potential NULL pointer dereference in ssl_read_record()

4224bc0a · Paul Bakker · 563ad026 · 4224bc0a · 4224bc0a
Commit 4224bc0a authored Apr 08, 2014 by Paul Bakker
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

ChangeLog ChangeLog +2 -0

library/ssl_tls.c library/ssl_tls.c +2 -1

No files found.
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@ Security
     This affects certificates in the user-supplied chain except the top
     certificate. If the user-supplied chain contains only one certificates,
     it is not affected (ie, its notAfter date is properly checked).
+   * Prevent potential NULL pointer dereference in ssl_read_record() (found by
+     TrustInSoft)

 Bugfix
   * The length of various ClientKeyExchange messages was not properly checked.

--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2087,7 +2087,8 @@ int ssl_read_record( ssl_context *ssl )
            return( POLARSSL_ERR_SSL_INVALID_RECORD );
        }

-        ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
+        if( ssl->state != SSL_HANDSHAKE_OVER )
+            ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );

        return( 0 );
    }