Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[tinydtls-dev] There may be some null-dereference bugs in dtls.c



In handle_handshake_msg(), the variable peer is checked in:

   if (peer) {

       dtls_stop_retransmission(ctx, peer);


This indicates that peer can be NULL.

If so, some null-dereference bugs will occur in handle_handshake_msg().

peer is also checked in line 3436:

   if (peer && !peer->handshake_params)

and it is dereferenced in line 3451:

   peer->state = DTLS_STATE_CLIENTHELLO;




                                                                              Tuo Li

Back to the top