From: Benjamin Kaduk Date: Sun, 1 Jul 2018 17:49:24 +0000 (-0500) Subject: Address coverity-reported NULL dereference in SSL_SESSION_print() X-Git-Tag: OpenSSL_1_1_1-pre9~211 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5281bb2252be6575ebb7a8b683e6bd160476fa2a;p=oweals%2Fopenssl.git Address coverity-reported NULL dereference in SSL_SESSION_print() We need to check the provided SSL_SESSION* for NULL before attempting to derference it to see if it's a TLS 1.3 session. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6622) --- diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 3856491eca..cf6e4c3c05 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -33,10 +33,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { size_t i; const char *s; - int istls13 = (x->ssl_version == TLS1_3_VERSION); + int istls13; if (x == NULL) goto err; + istls13 = (x->ssl_version == TLS1_3_VERSION); if (BIO_puts(bp, "SSL-Session:\n") <= 0) goto err; s = ssl_protocol_to_string(x->ssl_version);