This is an automated email from the ASF dual-hosted git repository. zwoop pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.0.x by this push: new 62817fb Protect against nullptr access during SSL Callback (#6866) 62817fb is described below commit 62817fbb9874410ecf4aebfd524fa84770f28b3a Author: Sudheer Vinukonda <sudhe...@apache.org> AuthorDate: Tue Jun 9 14:29:17 2020 -0700 Protect against nullptr access during SSL Callback (#6866) (cherry picked from commit 079ed98632fc9e49b34efe4e38fabbdd9e2d695c) --- iocore/net/SSLClientUtils.cc | 2 +- iocore/net/SSLUtils.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/iocore/net/SSLClientUtils.cc b/iocore/net/SSLClientUtils.cc index 70f36d17..918db0a 100644 --- a/iocore/net/SSLClientUtils.cc +++ b/iocore/net/SSLClientUtils.cc @@ -53,7 +53,7 @@ verify_callback(int signature_ok, X509_STORE_CTX *ctx) // No enforcing, go away if (netvc == nullptr) { // No netvc, very bad. Go away. Things are not good. - Warning("Netvc gone by in verify_callback"); + SSLDebug("WARN, Netvc gone by in verify_callback"); return false; } else if (netvc->options.verifyServerPolicy == YamlSNIConfig::Policy::DISABLED) { return true; // Tell them that all is well diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 5dfcd69..9387a65 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -1019,7 +1019,7 @@ ssl_callback_info(const SSL *ssl, int where, int ret) SSLNetVConnection *netvc = SSLNetVCAccess(ssl); - if ((where & SSL_CB_ACCEPT_LOOP) && netvc->getSSLHandShakeComplete() == true && + if (netvc && (where & SSL_CB_ACCEPT_LOOP) && netvc->getSSLHandShakeComplete() == true && SSLConfigParams::ssl_allow_client_renegotiation == false) { int state = SSL_get_state(ssl);