Return from debugging functions if SSL context is unset

The debugging functions
- mbedtls_debug_print_ret,
- mbedtls_debug_print_buf,
- mbedtls_debug_print_mpi, and
- mbedtls_debug_print_crt
return immediately if the SSL configuration bound to the
passed SSL context is NULL, has no debugging functions
configured, or if the debug threshold is below the debugging
level.
However, they do not check whether the provided SSL context
is not NULL before accessing the SSL configuration bound to it,
therefore leading to a segmentation fault if it is.
In contrast, the debugging function
- mbedtls_debug_print_msg
does check for ssl != NULL before accessing ssl->conf.

This commit unifies the checks by always returning immediately
if ssl == NULL.
This commit is contained in:
Hanno Becker 2018-06-29 09:04:46 +01:00
parent d22c1b2445
commit 687c500da3

View file

@ -86,8 +86,13 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
char str[DEBUG_BUF_SIZE]; char str[DEBUG_BUF_SIZE];
int ret; int ret;
if( NULL == ssl || NULL == ssl->conf || NULL == ssl->conf->f_dbg || level > debug_threshold ) if( NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
return; return;
}
va_start( argp, format ); va_start( argp, format );
#if defined(_WIN32) #if defined(_WIN32)
@ -121,8 +126,13 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
{ {
char str[DEBUG_BUF_SIZE]; char str[DEBUG_BUF_SIZE];
if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold ) if( NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
return; return;
}
/* /*
* With non-blocking I/O and examples that just retry immediately, * With non-blocking I/O and examples that just retry immediately,
@ -146,8 +156,13 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
char txt[17]; char txt[17];
size_t i, idx = 0; size_t i, idx = 0;
if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold ) if( NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
return; return;
}
mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n", mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n",
text, (unsigned int) len ); text, (unsigned int) len );
@ -199,8 +214,13 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
{ {
char str[DEBUG_BUF_SIZE]; char str[DEBUG_BUF_SIZE];
if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || level > debug_threshold ) if( NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
level > debug_threshold )
{
return; return;
}
mbedtls_snprintf( str, sizeof( str ), "%s(X)", text ); mbedtls_snprintf( str, sizeof( str ), "%s(X)", text );
mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->X ); mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->X );
@ -219,8 +239,14 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
int j, k, zeros = 1; int j, k, zeros = 1;
size_t i, n, idx = 0; size_t i, n, idx = 0;
if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || X == NULL || level > debug_threshold ) if( NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
NULL == X ||
level > debug_threshold )
{
return; return;
}
for( n = X->n - 1; n > 0; n-- ) for( n = X->n - 1; n > 0; n-- )
if( X->p[n] != 0 ) if( X->p[n] != 0 )
@ -345,8 +371,14 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
char str[DEBUG_BUF_SIZE]; char str[DEBUG_BUF_SIZE];
int i = 0; int i = 0;
if( ssl->conf == NULL || ssl->conf->f_dbg == NULL || crt == NULL || level > debug_threshold ) if( NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
NULL == crt ||
level > debug_threshold )
{
return; return;
}
while( crt != NULL ) while( crt != NULL )
{ {