fix possible null dereference, CID 518681

JacobBarthelmeh · JacobBarthelmeh · commit 73c286ae46b3 · 2025-04-18T16:02:46.000-06:00
diff --git a/src/ssl_load.c b/src/ssl_load.c
@@ -1112,7 +1112,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         matchAnyKey = 1;
     }
 #ifdef WC_RSA_PSS
-    if(*keyFormat == RSAPSSk) {
+    if((ret == 0) && (*keyFormat == RSAPSSk)) {
         /*
             Require logic to verify that the der is RSAPSSk (when *keyFormat == RSAPSSK),
             and to detect that the der is RSAPSSk (when *keyFormat == 0).

Original file line number	Diff line number	Diff line change
`@@ -1112,7 +1112,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,`
`1112`	`1112`	`matchAnyKey = 1;`
`1113`	`1113`	`}`
`1114`	`1114`	`#ifdef WC_RSA_PSS`
`1115`		`- if(*keyFormat == RSAPSSk) {`
	`1115`	`+ if((ret == 0) && (*keyFormat == RSAPSSk)) {`
`1116`	`1116`	`/*`
`1117`	`1117`	`Require logic to verify that the der is RSAPSSk (when *keyFormat == RSAPSSK),`
`1118`	`1118`	`and to detect that the der is RSAPSSk (when *keyFormat == 0).`