From b5c835b39917a715ef45c48e521427eb08221d4d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 19 Jul 2016 16:03:10 +0100 Subject: [PATCH] Sanity check in ssl_get_algorithm2(). RT#4600 Reviewed-by: Rich Salz (cherry picked from commit 52eede5a970fdb30c4ed6d3663e51f36bd1b1c73) Conflicts: ssl/s3_lib.c --- ssl/s3_lib.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 872e636af9..f2aaf36c40 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -4528,7 +4528,10 @@ int ssl3_renegotiate_check(SSL *s) */ long ssl_get_algorithm2(SSL *s) { - long alg2 = s->s3->tmp.new_cipher->algorithm2; + long alg2; + if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL) + return -1; + alg2 = s->s3->tmp.new_cipher->algorithm2; if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF)) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; -- 2.25.1