From 2d4aa1bbb5e7e33db8a40449c4c481b38dbbba0f Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Fri, 1 Apr 2016 12:57:33 -0700
Subject: [PATCH] Better fix for scan-build warning regarding possible use of
 NULL in AddRecordHeader. Scan-build considers paths where output is set to
 NULL, but ssl->spec.kea is corrupted/changed, which could result in output ==
 NULL (even though it should never happen). So added proper NULL check in
 SendServerKeyExchange on AddHeader to make sure output isn't NULL.

---
 src/internal.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index de74ae50b..f072d8181 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -15468,8 +15468,15 @@ int DoSessionTicket(WOLFSSL* ssl,
             #endif
 
             #if defined(HAVE_ECC)
-                if (ssl->specs.kea == ecdhe_psk_kea || ssl->specs.kea == ecc_diffie_hellman_kea) {
-                    AddHeaders(output, length, server_key_exchange, ssl);
+                if (ssl->specs.kea == ecdhe_psk_kea ||
+                    ssl->specs.kea == ecc_diffie_hellman_kea) {
+                    /* Check output to make sure it was set */
+                    if (output) {
+                        AddHeaders(output, length, server_key_exchange, ssl);
+                    }
+                    else {
+                        ERROR_OUT(BUFFER_ERROR, exit_sske);
+                    }
                 }
             #endif /* HAVE_ECC */