ssl_tls12_server: fix potential NULL-dereferencing if local certificate was not set. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>

commit: 70dfd4c8aced7b8094ead8415d60e74b6e5e5ad3 [log] [tgz]
author: Leonid Rozenboim <leonid.rozenboim@oracle.com> Mon Aug 08 15:43:44 2022 -0700
committer: Leonid Rozenboim <leonid.rozenboim@oracle.com> Thu Aug 18 14:39:37 2022 -0700
tree: bbe72d6bbab71922b1cbbde2573ee5ef2e669e8a
parent: 92cd8642fa6d2a0013bea47a919b4a9f7a96dc37 [diff] [blame]
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index bc32327..eab2776 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c

@@ -3405,8 +3405,14 @@
                                       size_t peer_pmssize )
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+    mbedtls_x509_crt *own_cert = mbedtls_ssl_own_cert( ssl );
+    if( own_cert == NULL ) {
+        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no local certificate" ) );
+        return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
+    }
+    mbedtls_pk_context *public_key = &own_cert->pk;
     mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl );
-    mbedtls_pk_context *public_key = &mbedtls_ssl_own_cert( ssl )->pk;
     size_t len = mbedtls_pk_get_len( public_key );
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
commit	70dfd4c8aced7b8094ead8415d60e74b6e5e5ad3	[log] [tgz]
author	Leonid Rozenboim <leonid.rozenboim@oracle.com>	Mon Aug 08 15:43:44 2022 -0700
committer	Leonid Rozenboim <leonid.rozenboim@oracle.com>	Thu Aug 18 14:39:37 2022 -0700
tree	bbe72d6bbab71922b1cbbde2573ee5ef2e669e8a
parent	92cd8642fa6d2a0013bea47a919b4a9f7a96dc37 [diff] [blame]