Avoid potential NULL dereference. May happen with a faulty configuration (eg no allowed curve but trying to use ECDHE key exchange), but not trigger able remotely. (Found with Clang's scan-build.)

commit: b86145e6cdc71624490e0cc7b25635f8f394ea3b [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Jun 23 14:11:39 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Jun 23 18:44:10 2015 +0200
tree: b944c1a0122a65e7baa447bdef931784f8dae577
parent: 14bf7063b9e3e296e9f792ddeb57222c19ed6132 [diff] [blame]
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index c5e1c4e..09431ce 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -2647,7 +2647,6 @@
          * } ServerECDHParams;
          */
         const mbedtls_ecp_curve_info **curve = NULL;
-#if defined(MBEDTLS_ECP_C)
         const mbedtls_ecp_group_id *gid;
 
         /* Match our preference list against the offered curves */
@@ -2657,11 +2656,7 @@
                     goto curve_matching_done;
 
 curve_matching_done:
-#else
-        curve = ssl->handshake->curves;
-#endif
-
-        if( *curve == NULL )
+        if( curve == NULL || *curve == NULL )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching curve for ECDHE" ) );
             return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN );
commit	b86145e6cdc71624490e0cc7b25635f8f394ea3b	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Tue Jun 23 14:11:39 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Tue Jun 23 18:44:10 2015 +0200
tree	b944c1a0122a65e7baa447bdef931784f8dae577
parent	14bf7063b9e3e296e9f792ddeb57222c19ed6132 [diff] [blame]