detect SetSSL_CTX requirements and error out early

2025-07-31 03:07:29 +02:00 · 2015-08-31 11:57:30 -07:00
parent df2216d092
commit cf38d1c022
1 changed files with 12 additions and 3 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -1562,12 +1562,19 @@ void FreeX509(WOLFSSL_X509* x509)

 /* This function inherits a WOLFSSL_CTX's fields into an SSL object.
   It is used during initialization and to switch an ssl's CTX with
-   wolfSSL_Set_SSL_CTX */
+   wolfSSL_Set_SSL_CTX.  Requires ssl->suites alloc and ssl-arrays with PSK
+   SSL_SUCCESS return value on success */
 int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
 {
-    if(!ssl || !ctx)
+    if(!ssl || !ctx || ssl->suites == NULL)
        return BAD_FUNC_ARG;

+#ifndef NO_PSK
+    if (ctx->server_hint[0] && ssl->arrays == NULL) {
+        return BAD_FUNC_ARG;  /* needed for copy below */
+    }
+#endif
+
    byte havePSK = 0;
    byte haveAnon = 0;
    byte haveRSA = 0;
@ -1701,7 +1708,8 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)


 /* init everything to 0, NULL, default values before calling anything that may
-   fail so that desctructor has a "good" state to cleanup */
+   fail so that desctructor has a "good" state to cleanup
+   0 on success */
 int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
 {
    int  ret;
@ -1793,6 +1801,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
    }

    /* Initialize SSL with the appropriate fields from it's ctx */
+    /* requires valid arrays and suites */
    if((ret =  SetSSL_CTX(ssl, ctx)) != SSL_SUCCESS)
        return ret;