authorAlexey Fofanov <avoget@gmail.com>2023-10-18 14:23:22 +0300
committerTomas Mraz <tomas@openssl.org>2023-11-13 12:52:43 +0100
commit9890cc42daff5e2d0cad01ac4bf78c391f599a6e (patch)
tree8eddee8dfdb5f3fe35238065fbeea551958b2245 /ssl
parentae9fe65d9f85e027bd7428e0f84aa46ab368880e (diff)
set_client_ciphersuite(): Fix for potential UB if session->cipher is NULL
This currently cannot happen without an application overriding the session with some bogus data, so this is an ossl_assert() check.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22418)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/statem/statem_clnt.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index cbf5a57beb..3b3c51e41c 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1427,6 +1427,10 @@ static int set_client_ciphersuite(SSL_CONNECTION *s,
if (SSL_CONNECTION_IS_TLS13(s)) {
const EVP_MD *md = ssl_md(sctx, c->algorithm2);
+ if (!ossl_assert(s->session->cipher != NULL)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
/*
* In TLSv1.3 it is valid for the server to select a different
* ciphersuite as long as the hash is the same.
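Review bot: The new guard `if (!ossl_assert(s->session->cipher != NULL))` has no comment saying which dereference it protects or when the pointer can be NULL; that reasoning lives only in the commit message. A short comment above it would keep the check from looking redundant to a later reader, for example `/* session->cipher is only NULL if the application installed a malformed session; it is dereferenced below */`. The dereference itself is presumably in the hash comparison that follows the existing comment, which is outside this hunk, so confirm the wording against it. Because ossl_assert() aborts the process in debug builds, a session supplied by the application with a NULL cipher stops a debug build before `SSLfatal()` is reached, so it is worth confirming that this is intended for a condition the application can trigger. The body of set_client_ciphersuite() starts and ends outside the hunk.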