From 84caa01983e963e1b28f6977070ae7feb3d52316 Mon Sep 17 00:00:00 2001
From: Sudheer Vinukonda
Date: Mon, 8 Jun 2020 15:55:14 -0700
Subject: [PATCH] Protect against nullptr access during SSL Callback
---
 iocore/net/SSLClientUtils.cc | 2 +-
 iocore/net/SSLUtils.cc | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/iocore/net/SSLClientUtils.cc b/iocore/net/SSLClientUtils.cc
index 70f36d1740f..918db0a057f 100644
--- a/iocore/net/SSLClientUtils.cc
+++ b/iocore/net/SSLClientUtils.cc
@@ -53,7 +53,7 @@ verify_callback(int signature_ok, X509_STORE_CTX *ctx)
 // No enforcing, go away
 if (netvc == nullptr) {
 // No netvc, very bad. Go away. Things are not good.
- Warning("Netvc gone by in verify_callback");
+ SSLDebug("WARN, Netvc gone by in verify_callback");
 return false;
 } else if (netvc->options.verifyServerPolicy == YamlSNIConfig::Policy::DISABLED) {
 return true; // Tell them that all is well
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 5dfcd69c38f..9387a65ff21 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1019,7 +1019,7 @@ ssl_callback_info(const SSL *ssl, int where, int ret)
 SSLNetVConnection *netvc = SSLNetVCAccess(ssl);
- if ((where & SSL_CB_ACCEPT_LOOP) && netvc->getSSLHandShakeComplete() == true &&
+ if (netvc && (where & SSL_CB_ACCEPT_LOOP) && netvc->getSSLHandShakeComplete() == true &&
 SSLConfigParams::ssl_allow_client_renegotiation == false) {
 int state = SSL_get_state(ssl);
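Review bot: In iocore/net/SSLClientUtils.cc, the `netvc == nullptr` branch of verify_callback now reports through `SSLDebug`, so a certificate verification rejected because the connection object is missing leaves no trace unless SSL debug logging is enabled. The branch still fails closed with `return false`, which is the right outcome, but operators lose the only production signal for it; if the Warning was too noisy, a counter or a rate-limited warning would keep the event visible. The "WARN," prefix inside a debug message reads like a leftover, and the commit message does not say why the level changed; a comment such as `// Debug-only on purpose: <reason>; verification still fails closed` would record the intent. verify_callback starts and continues outside the hunk.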
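Review bot: In iocore/net/SSLUtils.cc, the added `netvc &&` guard in ssl_callback_info avoids the null dereference, but it also means that when `SSLNetVCAccess(ssl)` returns null the client-renegotiation check is skipped without any record. Whether that can happen on a connection whose handshake has completed is not visible here, so the case should at least be logged, e.g. `if (netvc == nullptr) { SSLDebug("ssl_callback_info: no netvc attached to SSL object"); }` before the condition (assuming SSLDebug is available in this file), and a comment should state why skipping the renegotiation policy is acceptable. The rest of ssl_callback_info lies outside the hunk, so any later use of `netvc` there needs the same check.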