Address coverity-reported NULL dereference in SSL_SESSION_print()
authorBenjamin Kaduk <kaduk@mit.edu>
Sun, 1 Jul 2018 17:49:24 +0000 (12:49 -0500)
committerBenjamin Kaduk <kaduk@mit.edu>
Sun, 1 Jul 2018 23:20:11 +0000 (18:20 -0500)
We need to check the provided SSL_SESSION* for NULL before
attempting to derference it to see if it's a TLS 1.3 session.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/6622)

ssl/ssl_txt.c

index 3856491..cf6e4c3 100644 (file)
@@ -33,10 +33,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
 {
     size_t i;
     const char *s;
-    int istls13 = (x->ssl_version == TLS1_3_VERSION);
+    int istls13;
 
     if (x == NULL)
         goto err;
+    istls13 = (x->ssl_version == TLS1_3_VERSION);
     if (BIO_puts(bp, "SSL-Session:\n") <= 0)
         goto err;
     s = ssl_protocol_to_string(x->ssl_version);