Add NULL checks to top-level SSL functions

In normal use these checks should never be needed, but if the application has issues,
it's better for us to return an error than to crash.
Manuel Pégourié-Gonnard 2015-09-01 17:43:40 +02:00
parent 5f5e0ec3f1
commit f81ee2eba8


@ -3718,6 +3718,9 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
{ {
int ret; int ret;
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> send alert message" ) );
ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT; ssl->out_msgtype = MBEDTLS_SSL_MSG_ALERT;
@ -5917,6 +5920,9 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C)
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
ret = mbedtls_ssl_handshake_client_step( ssl ); ret = mbedtls_ssl_handshake_client_step( ssl );
@ -5936,6 +5942,9 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl )
{ {
int ret = 0; int ret = 0;
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )
@ -6031,6 +6040,9 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
/* On server, just send the request */ /* On server, just send the request */
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
@ -6108,6 +6120,9 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
int ret, record_read = 0; int ret, record_read = 0;
size_t n; size_t n;
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read" ) );
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -6451,6 +6466,9 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 ) if( ( ret = ssl_check_ctr_renegotiate( ssl ) ) != 0 )
{ {
@ -6486,6 +6504,9 @@ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl )
{ {
int ret; int ret;
if( ssl == NULL || ssl->conf == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
if( ssl->out_left != 0 ) if( ssl->out_left != 0 )
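Review bot: In the mbedtls_ssl_write hunk the new guard sits after `MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) );`, whereas in the other six hunks it precedes the first debug call. The macro takes no explicit context argument here, but if it forwards `ssl` to the debug backend when debugging is compiled in (presumably it does, to reach the configured callback), a NULL `ssl` or `ssl->conf` would still be dereferenced before the check runs. Moving `if( ssl == NULL || ssl->conf == NULL )` and `return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );` above the debug line would make the write path consistent with the others. The function bodies continue outside the visible hunks, so this note covers only the ordering shown here.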