From 5281bb2252be6575ebb7a8b683e6bd160476fa2a Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk <kaduk@mit.edu>
Date: Sun, 1 Jul 2018 12:49:24 -0500
Subject: Address coverity-reported NULL dereference in SSL_SESSION_print()

We need to check the provided SSL_SESSION* for NULL before
attempting to derference it to see if it's a TLS 1.3 session.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/6622)
---
 ssl/ssl_txt.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'ssl/ssl_txt.c')

diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index 3856491eca..cf6e4c3c05 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -33,10 +33,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
 {
     size_t i;
     const char *s;
-    int istls13 = (x->ssl_version == TLS1_3_VERSION);
+    int istls13;
 
     if (x == NULL)
         goto err;
+    istls13 = (x->ssl_version == TLS1_3_VERSION);
     if (BIO_puts(bp, "SSL-Session:\n") <= 0)
         goto err;
     s = ssl_protocol_to_string(x->ssl_version);
-- 
cgit v1.2.3