From dfea2de7acb538bc135eaa1def3f738d1644d053 Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 21 Oct 2022 15:48:14 +0000 Subject: [PATCH] Add extra NULL check after ssl3_setup_read_buffer() While ssl3_setup_read_buffer() success alone is enough to imply that the read bufer is non-NULL, several static analyzers fail to recognize that and throw fits about possible NULL accesses. CID 331010 Fix from and ok jsing --- lib/libssl/ssl_pkt.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c index 8462d03967a..ddb2ce09351 100644 --- a/lib/libssl/ssl_pkt.c +++ b/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.61 2022/10/02 16:36:41 jsing Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.62 2022/10/21 15:48:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -158,9 +158,12 @@ ssl3_read_n(SSL *s, int n, int max, int extend) if (n <= 0) return n; - if (rb->buf == NULL) + if (rb->buf == NULL) { if (!ssl3_setup_read_buffer(s)) return -1; + } + if (rb->buf == NULL) + return -1; left = rb->left; align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH; -- 2.20.1