Prevent potential NULL pointer dereference in ssl_read_record()

2026-04-01 10:11:08 +02:00 · 2014-04-08 14:36:50 +02:00
parent 6995efe8be
commit dedce0c35c
2 changed files with 4 additions and 1 deletions
--- a/2
+++ b/2
@@ -17,6 +17,8 @@ Security
     attack was already impossible when authentication is required).
   * Check notBefore timestamp of certificates and CRLs from the future.
   * Forbid sequence number wrapping
+   * Prevent potential NULL pointer dereference in ssl_read_record() (found by
+     TrustInSoft)

 Bugfix
   * Fixed X.509 hostname comparison (with non-regular characters)
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1922,7 +1922,8 @@ int ssl_read_record( ssl_context *ssl )
            return( POLARSSL_ERR_SSL_INVALID_RECORD );
        }

-        ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
+        if( ssl->state != SSL_HANDSHAKE_OVER )
+            ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );

        return( 0 );
    }