This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 62817fb Protect against nullptr access during SSL Callback (#6866)
62817fb is described below
commit 62817fbb9874410ecf4aebfd524fa84770f28b3a
Author: Sudheer Vinukonda <sudhe...@apache.org>
AuthorDate: Tue Jun 9 14:29:17 2020 -0700
Protect against nullptr access during SSL Callback (#6866)
(cherry picked from commit 079ed98632fc9e49b34efe4e38fabbdd9e2d695c)
---
iocore/net/SSLClientUtils.cc | 2 +-
iocore/net/SSLUtils.cc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/iocore/net/SSLClientUtils.cc b/iocore/net/SSLClientUtils.cc
index 70f36d17..918db0a 100644
--- a/iocore/net/SSLClientUtils.cc
+++ b/iocore/net/SSLClientUtils.cc
@@ -53,7 +53,7 @@ verify_callback(int signature_ok, X509_STORE_CTX *ctx)
// No enforcing, go away
if (netvc == nullptr) {
// No netvc, very bad. Go away. Things are not good.
- Warning("Netvc gone by in verify_callback");
+ SSLDebug("WARN, Netvc gone by in verify_callback");
return false;
} else if (netvc->options.verifyServerPolicy ==
YamlSNIConfig::Policy::DISABLED) {
return true; // Tell them that all is well
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 5dfcd69..9387a65 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1019,7 +1019,7 @@ ssl_callback_info(const SSL *ssl, int where, int ret)
SSLNetVConnection *netvc = SSLNetVCAccess(ssl);
- if ((where & SSL_CB_ACCEPT_LOOP) && netvc->getSSLHandShakeComplete() == true
&&
+ if (netvc && (where & SSL_CB_ACCEPT_LOOP) &&
netvc->getSSLHandShakeComplete() == true &&
SSLConfigParams::ssl_allow_client_renegotiation == false) {
int state = SSL_get_state(ssl);
