Prevent potential NULL pointer dereference in ssl_read_record()
diff --git a/ChangeLog b/ChangeLog
index 2a7134d..bb08fcd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,8 @@
attack was already impossible when authentication is required).
* Check notBefore timestamp of certificates and CRLs from the future.
* Forbid sequence number wrapping
+ * Prevent potential NULL pointer dereference in ssl_read_record() (found by
+ TrustInSoft)
Bugfix
* Fixed X.509 hostname comparison (with non-regular characters)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 95ee967..9c896b3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1922,7 +1922,8 @@
return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
- ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
+ if( ssl->state != SSL_HANDSHAKE_OVER )
+ ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
return( 0 );
}