Fix possible client crash on API misuse

2025-07-28 00:21:48 +03:00 · 2015-09-03 10:44:32 +02:00
parent 14d800507a
commit 7f2f062a5d
2 changed files with 23 additions and 0 deletions
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -1771,6 +1771,12 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,

    ssl->handshake->pmslen = 48;

+    if( ssl->session_negotiate->peer_cert == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
    /*
     * Now write it out, encrypted
     */
@ -1873,6 +1879,12 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
    int ret;
    const mbedtls_ecp_keypair *peer_key;

+    if( ssl->session_negotiate->peer_cert == NULL )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
+        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+    }
+
    if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk,
                     MBEDTLS_PK_ECKEY ) )
    {
@ -2182,6 +2194,12 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
        MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen :
            (unsigned int) ( mbedtls_md_get_size( mbedtls_md_info_from_type( md_alg ) ) ) );

+        if( ssl->session_negotiate->peer_cert == NULL )
+        {
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "certificate required" ) );
+            return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+        }
+
        /*
         * Verify signature
         */