From e9d8dcdbf5629bc9320b85060a470f381620867e Mon Sep 17 00:00:00 2001
From: Leonid Rozenboim
Date: Mon, 8 Aug 2022 15:57:48 -0700
Subject: [PATCH] ssl_tls: avoid the appearance of a potential NULL dereferencing
Looking at the bigger picture it is clear that if `ssl->session` is NULL, there will be a failure much earlier, and that is well protected from, however, the practice of dereferencing a pointer which has not been verified in prior for validity goes against secure coding practices.
Signed-off-by: Leonid Rozenboim
---
 library/ssl_tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index eefd89dd9..f2f415e31 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7282,7 +7282,7 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
 const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
- if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ if( ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
 return( tls_prf_sha384 );
 #else
 (void) ciphersuite_id;
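Review bot: With the added `ciphersuite_info != NULL` test, an ID that `mbedtls_ssl_ciphersuite_from_id()` does not recognise is now silently treated as "not SHA-384" and falls through to whatever the function returns past the end of this hunk (presumably its default PRF), so an invalid ciphersuite becomes indistinguishable from a valid non-SHA-384 one. If that fallback is intended, state it where the test is made, e.g. `/* NULL means an unknown ciphersuite ID: treated as not SHA-384, handled by the fall-through below. */`. If it is not, an explicit `if( ciphersuite_info == NULL ) return( NULL );` before the MAC test, with the caller checking the result, would surface the bad state instead of selecting a PRF for a suite that was never resolved. `ssl_tls12prf_from_cs` begins and ends outside the hunk, so the actual fall-through value and the callers' handling of a NULL return should be confirmed there.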