From ede747f1bcd8fc52ba57369f84c00fee92b44807 Mon Sep 17 00:00:00 2001
From: Andy Green
Date: Wed, 3 Apr 2019 08:04:48 +0800
Subject: [PATCH] openssl: client: check wsi from openssl private data

v2.4 was patched to check NULL wsi in the verify callback, nobody has reported it on later versions, but might as well check it too.
---
 lib/tls/openssl/openssl-client.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c
index 74335e77c..dde8ef3f6 100644
--- a/lib/tls/openssl/openssl-client.c
+++ b/lib/tls/openssl/openssl-client.c
@@ -51,6 +51,12 @@ OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
 SSL_get_ex_data_X509_STORE_CTX_idx());
 wsi = SSL_get_ex_data(ssl, openssl_websocket_private_data_index);
+ if (!wsi) {
+ lwsl_err("%s: can't get wsi from ssl privdata\n",
+ __func__);
+
+ return 0;
+ }
 if ((err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT || err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) &&
@@ -79,6 +85,11 @@ OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
 ssl = X509_STORE_CTX_get_ex_data(x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
 wsi = SSL_get_ex_data(ssl, openssl_websocket_private_data_index);
+ if (!wsi) {
+ lwsl_err("%s: can't get wsi from ssl privdata\n", __func__);
+
+ return 0;
+ }
 n = lws_get_context_protocol(wsi->context, 0).callback(wsi, LWS_CALLBACK_OPENSSL_PERFORM_SERVER_CERT_VERIFICATION,
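Review bot: The new `if (!wsi)` guard in the first hunk (`@@ -51,6 +51,12 @@`) sits after `SSL_get_ex_data(ssl, ...)`, so it does not cover a NULL `ssl` coming back from `X509_STORE_CTX_get_ex_data()`; that pointer would presumably be dereferenced inside OpenSSL before the check runs. If the aim is to harden the callback against missing ex-data, add `if (!ssl) return 0;` ahead of the `SSL_get_ex_data()` call. The second hunk (`@@ -79,6 +85,11 @@`) has the same pattern. The function body starts before and continues after both hunks, so an earlier `ssl` check may exist outside this view.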
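Review bot: The `return 0;` added in the second hunk (`@@ -79,6 +85,11 @@`) rejects the chain without recording a reason on the store context. Whether `preverify_ok` can be 1 at this point is not visible in the hunk; if it can, the context error may still be `X509_V_OK`, and depending on the OpenSSL version `SSL_get_verify_result()` could later report success or only a generic error for a chain this callback refused. Setting it explicitly with `X509_STORE_CTX_set_error(x509_ctx, X509_V_ERR_APPLICATION_VERIFICATION);` before the `return 0;` keeps the failure unambiguous for callers and logs. Failing closed on a missing `wsi` is the right default.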