From a6f99a1aab741afd9fb60d91e2a2afb1c207e0e1 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 13 Apr 2022 13:24:56 +0200
Subject: [PATCH] Fix crash with DTLS_CONNECTION_ID but not other SSL features
In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but none of MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C, DTLS handshakes using CID would crash due to a null pointer dereference. Fix this. Fixes #3998. Detected by running compat.sh in config-ccm-psk-dtls1_2.h.
Signed-off-by: Gilles Peskine
---
 ChangeLog.d/dtls-cid-null.txt | 5 +++++
 library/ssl_tls.c | 1 +
 2 files changed, 6 insertions(+)
 create mode 100644 ChangeLog.d/dtls-cid-null.txt
diff --git a/ChangeLog.d/dtls-cid-null.txt b/ChangeLog.d/dtls-cid-null.txt
new file mode 100644
index 000000000..f6f4c5462
--- /dev/null
+++ b/ChangeLog.d/dtls-cid-null.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * In configurations with MBEDTLS_SSL_DTLS_CONNECTION_ID enabled but none of
+ MBEDTLS_SSL_HW_RECORD_ACCEL, MBEDTLS_SSL_EXPORT_KEYS or MBEDTLS_DEBUG_C,
+ DTLS handshakes using CID would crash due to a null pointer dereference.
+ Fix this. Fixes #3998.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c85291e1e..4878585bb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -990,6 +990,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
 #if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL) && \
 !defined(MBEDTLS_SSL_EXPORT_KEYS) && \
+ !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
 !defined(MBEDTLS_DEBUG_C)
 ssl = NULL; /* make sure we don't use it except for those cases */
 (void) ssl;
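Review bot: The `#if` guarding `ssl = NULL;` in ssl_populate_transform is a hand-maintained list of every option whose code later dereferences `ssl`, and nothing in the hunk ties it to those uses, so the next feature that reads `ssl` can reintroduce the same null dereference. I would add a comment above the condition, for example `/* List every option whose code below dereferences ssl; extend this when adding a new use. */`. The diffstat shows only the ChangeLog entry and this one-line change, so the configuration that exposed the crash (compat.sh under config-ccm-psk-dtls1_2.h, per the commit message) appears to remain outside any automated run; adding it to the tested configurations would catch a regression. Because the crash happens during a DTLS handshake that uses CID, it is presumably reachable by a peer and worth treating as an availability issue when deciding on backports. The function body starts and ends outside the hunk, so the CID code that uses `ssl` is not visible here.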