From a703914e60becbc204350df178d4323af8436637 Mon Sep 17 00:00:00 2001 From: Marc Hoersken Date: Fri, 18 Apr 2014 22:36:12 +0200 Subject: [PATCH] curl_schannel.c: fix possible dereference of null pointer --- lib/vtls/curl_schannel.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/vtls/curl_schannel.c b/lib/vtls/curl_schannel.c index 701fa556c..82e088c7b 100644 --- a/lib/vtls/curl_schannel.c +++ b/lib/vtls/curl_schannel.c @@ -310,6 +310,9 @@ schannel_connect_step2(struct connectdata *conn, int sockindex) infof(data, "schannel: SSL/TLS connection with %s port %hu (step 2/3)\n", conn->host.name, conn->remote_port); + if(!connssl->cred || !connssl->ctxt) + return CURLE_SSL_CONNECT_ERROR; + /* buffer to store previously received and encrypted data */ if(connssl->encdata_buffer == NULL) { connssl->encdata_offset = 0; @@ -508,6 +511,9 @@ schannel_connect_step3(struct connectdata *conn, int sockindex) infof(data, "schannel: SSL/TLS connection with %s port %hu (step 3/3)\n", conn->host.name, conn->remote_port); + if(!connssl->cred) + return CURLE_SSL_CONNECT_ERROR; + /* check if the required context attributes are met */ if(connssl->ret_flags != connssl->req_flags) { if(!(connssl->ret_flags & ISC_RET_SEQUENCE_DETECT))