Prevent potential NULL pointer dereference in ssl_read_record()
diff --git a/ChangeLog b/ChangeLog
index 5fe77e4..f08432a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@
This affects certificates in the user-supplied chain except the top
certificate. If the user-supplied chain contains only one certificates,
it is not affected (ie, its notAfter date is properly checked).
+ * Prevent potential NULL pointer dereference in ssl_read_record() (found by
+ TrustInSoft)
Bugfix
* The length of various ClientKeyExchange messages was not properly checked.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 681b7c3..8d43488 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2087,7 +2087,8 @@
return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
- ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
+ if( ssl->state != SSL_HANDSHAKE_OVER )
+ ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen );
return( 0 );
}
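Review bot: The new guard `if( ssl->state != SSL_HANDSHAKE_OVER )` tests the state machine rather than the pointer that is dereferenced on the next line. It therefore prevents the NULL dereference only if `ssl->handshake` is non-NULL in every state other than SSL_HANDSHAKE_OVER, and that invariant is not visible in this hunk. Checking the pointer too, `if( ssl->state != SSL_HANDSHAKE_OVER && ssl->handshake != NULL )`, would keep the fix correct if the state and the handshake structure's lifetime ever diverge, which may be possible on a renegotiation or error path; confirm this against the code that frees the handshake. A short comment such as `/* ssl->handshake is only valid while a handshake is in progress */` would also explain why the checksum update is skipped for handshake records that arrive after completion. The enclosing function starts outside the hunk, so the surrounding record-type checks could not be reviewed here.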