This is an automated email from the ASF dual-hosted git repository. bneradt pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push: new c4e9618c5f Fix nullptr dereference on QUIC connection (#9642) c4e9618c5f is described below commit c4e9618c5f02077a0b1db6617512358c263a6eeb Author: Masakazu Kitajo <mas...@apache.org> AuthorDate: Fri Apr 28 23:43:34 2023 +0900 Fix nullptr dereference on QUIC connection (#9642) * Fix nullptr dereference on QUIC connection * Add validation for null before calling the TLSCertSwitchSupport --------- Co-authored-by: Damian Meden <dme...@apache.org> --- iocore/net/SSLUtils.cc | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index e019dc43b1..6832b80fe4 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -375,13 +375,15 @@ ssl_cert_callback(SSL *ssl, void *arg) int retval = 1; // If we are in tunnel mode, don't select a cert. Pause! - NetVConnection *netvc = reinterpret_cast<NetVConnection *>(sslnetvc); - if (HttpProxyPort::TRANSPORT_BLIND_TUNNEL == netvc->attributes) { + if (sslnetvc) { + NetVConnection *netvc = reinterpret_cast<NetVConnection *>(sslnetvc); + if (HttpProxyPort::TRANSPORT_BLIND_TUNNEL == netvc->attributes) { #ifdef OPENSSL_IS_BORINGSSL - return -2; // Retry + return -2; // Retry #else - return -1; // Pause + return -1; // Pause #endif + } } SSLCertContextType ctxType = SSLCertContextType::GENERIC; @@ -411,7 +413,7 @@ ssl_cert_callback(SSL *ssl, void *arg) retval = -1; // Pause } } else { - if (tcss->selectCertificate(ssl, ctxType) == 1) { + if (tcss && tcss->selectCertificate(ssl, ctxType) == 1) { retval = 1; } else { retval = 0;