From 5281bb2252be6575ebb7a8b683e6bd160476fa2a Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Sun, 1 Jul 2018 12:49:24 -0500 Subject: [PATCH] Address coverity-reported NULL dereference in SSL_SESSION_print() We need to check the provided SSL_SESSION* for NULL before attempting to derference it to see if it's a TLS 1.3 session. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6622) --- ssl/ssl_txt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 3856491eca..cf6e4c3c05 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -33,10 +33,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { size_t i; const char *s; - int istls13 = (x->ssl_version == TLS1_3_VERSION); + int istls13; if (x == NULL) goto err; + istls13 = (x->ssl_version == TLS1_3_VERSION); if (BIO_puts(bp, "SSL-Session:\n") <= 0) goto err; s = ssl_protocol_to_string(x->ssl_version); -- 2.25.1