This is an automated email from the ASF dual-hosted git repository.

bneradt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new c4e9618c5f Fix nullptr dereference on QUIC connection (#9642)
c4e9618c5f is described below

commit c4e9618c5f02077a0b1db6617512358c263a6eeb
Author: Masakazu Kitajo <mas...@apache.org>
AuthorDate: Fri Apr 28 23:43:34 2023 +0900

    Fix nullptr dereference on QUIC connection (#9642)
    
    * Fix nullptr dereference on QUIC connection
    
    * Add validation for null before calling the TLSCertSwitchSupport
    
    ---------
    
    Co-authored-by: Damian Meden <dme...@apache.org>
---
 iocore/net/SSLUtils.cc | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index e019dc43b1..6832b80fe4 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -375,13 +375,15 @@ ssl_cert_callback(SSL *ssl, void *arg)
   int retval = 1;
 
   // If we are in tunnel mode, don't select a cert.  Pause!
-  NetVConnection *netvc = reinterpret_cast<NetVConnection *>(sslnetvc);
-  if (HttpProxyPort::TRANSPORT_BLIND_TUNNEL == netvc->attributes) {
+  if (sslnetvc) {
+    NetVConnection *netvc = reinterpret_cast<NetVConnection *>(sslnetvc);
+    if (HttpProxyPort::TRANSPORT_BLIND_TUNNEL == netvc->attributes) {
 #ifdef OPENSSL_IS_BORINGSSL
-    return -2; // Retry
+      return -2; // Retry
 #else
-    return -1; // Pause
+      return -1; // Pause
 #endif
+    }
   }
 
   SSLCertContextType ctxType = SSLCertContextType::GENERIC;
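Review bot: The new `if (sslnetvc)` guard carries no comment saying when the pointer is null or what skipping the check implies. With a null `sslnetvc` the blind-tunnel pause is bypassed and the callback goes straight on to certificate selection. Judging from the commit title this is the QUIC case, where that is presumably intended, but the code should say so, e.g. `// sslnetvc is null for QUIC connections; the blind-tunnel check does not apply there.` Separately, the `reinterpret_cast<NetVConnection *>(sslnetvc)` kept inside the guard bypasses compiler checking of the conversion; if the type of `sslnetvc` (declared outside the hunk) derives from `NetVConnection`, a `static_cast` or an implicit conversion would be safer. `ssl_cert_callback` begins and ends outside this hunk.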
@@ -411,7 +413,7 @@ ssl_cert_callback(SSL *ssl, void *arg)
       retval = -1; // Pause
     }
   } else {
-    if (tcss->selectCertificate(ssl, ctxType) == 1) {
+    if (tcss && tcss->selectCertificate(ssl, ctxType) == 1) {
       retval = 1;
     } else {
       retval = 0;
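Review bot: At `if (tcss && tcss->selectCertificate(ssl, ctxType) == 1)` a null `tcss` now falls into the same `retval = 0` branch as a failed selection, with nothing to tell the two cases apart. Assuming 0 is treated as a failure by the TLS library, failing closed is the right choice, because the handshake should not continue without a selected certificate. It still deserves a comment such as `// No TLSCertSwitchSupport on this connection: fail rather than proceed without a selected certificate.`, and ideally a debug log line so the cause of the rejected handshake can be diagnosed. The `if` branch that precedes this `else` starts outside the hunk, so it is worth confirming that it does not also dereference `tcss` unguarded.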
