BUG/MEDIUM: ssl: segfault when cipher is NULL

The patch which fixes the certificate selection uses
SSL_CIPHER_get_id() to skip the SCSV ciphers without checking if cipher
is NULL. This patch fixes the issue by skipping any NULL cipher in the
iteration.

Problem was reported in #2329.

Needs to be backported where 23093c72f1 was backported. No release was
made with this patch so the severity is MEDIUM.
William Lallemand 2023-10-30 18:08:16 +01:00
parent 47ed1181f2
commit e7bae7a0b6

@ -2506,13 +2506,16 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
#else #else
cipher = SSL_CIPHER_find(ssl, cipher_suites); cipher = SSL_CIPHER_find(ssl, cipher_suites);
#endif #endif
if (!cipher)
continue;
cipher_id = SSL_CIPHER_get_id(cipher); cipher_id = SSL_CIPHER_get_id(cipher);
/* skip the SCSV "fake" signaling ciphersuites because they are NID_auth_any (RFC 7507) */ /* skip the SCSV "fake" signaling ciphersuites because they are NID_auth_any (RFC 7507) */
if (cipher_id == SSL3_CK_SCSV || cipher_id == SSL3_CK_FALLBACK_SCSV) if (cipher_id == SSL3_CK_SCSV || cipher_id == SSL3_CK_FALLBACK_SCSV)
continue; continue;
if (cipher && ( SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa if (SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa
|| SSL_CIPHER_get_auth_nid(cipher) == NID_auth_any)) { || SSL_CIPHER_get_auth_nid(cipher) == NID_auth_any) {
has_ecdsa_sig = 1; has_ecdsa_sig = 1;
break; break;
} }
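
Review bot: the new `if (!cipher) continue;` guard right after the `#endif` has no comment saying why a NULL result is expected and safe to skip, unlike the SCSV skip just below it, which is documented. SSL_CIPHER_find() returns NULL for a ciphersuite value the library does not recognise, and that value comes from the client's list, so a one-line comment such as `/* unknown ciphersuite in the client list, skip it */` would stop a later cleanup from dropping the check. Placing the guard after the `#endif` covers both preprocessor branches and makes the removal of `cipher &&` from the auth-NID test correct, since the pointer is non-NULL by then. As a minor style point, SSL_CIPHER_get_auth_nid(cipher) is still called twice in that condition; storing the result in a local would make the ECDSA/any comparison easier to read.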