From cf38d1c022968f672796ec70122ec43043b9f24b Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Mon, 31 Aug 2015 11:57:30 -0700
Subject: [PATCH] detect SetSSL_CTX requirements and error out early

---
 src/internal.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index dedd2c4d8..0ad5fe72f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1562,12 +1562,19 @@ void FreeX509(WOLFSSL_X509* x509)
 
 /* This function inherits a WOLFSSL_CTX's fields into an SSL object.
    It is used during initialization and to switch an ssl's CTX with
-   wolfSSL_Set_SSL_CTX */
+   wolfSSL_Set_SSL_CTX.  Requires ssl->suites alloc and ssl-arrays with PSK
+   SSL_SUCCESS return value on success */
 int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
 {
-    if(!ssl || !ctx)
+    if(!ssl || !ctx || ssl->suites == NULL)
         return BAD_FUNC_ARG;
 
+#ifndef NO_PSK
+    if (ctx->server_hint[0] && ssl->arrays == NULL) {
+        return BAD_FUNC_ARG;  /* needed for copy below */
+    }
+#endif
+
     byte havePSK = 0;
     byte haveAnon = 0;
     byte haveRSA = 0;
@@ -1701,7 +1708,8 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
 
 
 /* init everything to 0, NULL, default values before calling anything that may
-   fail so that desctructor has a "good" state to cleanup */
+   fail so that desctructor has a "good" state to cleanup
+   0 on success */
 int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
 {
     int  ret;
@@ -1793,6 +1801,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     }
 
     /* Initialize SSL with the appropriate fields from it's ctx */
+    /* requires valid arrays and suites */
     if((ret =  SetSSL_CTX(ssl, ctx)) != SSL_SUCCESS)
         return ret;