add null sanity check to wolfSSL_SESSION_get_max_early_data, CID 516264

JacobBarthelmeh · JacobBarthelmeh · commit f834b9b08aab · 2025-04-18T16:31:33.000-06:00
diff --git a/src/ssl_sess.c b/src/ssl_sess.c
@@ -3534,6 +3534,10 @@ int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses)
 #ifdef WOLFSSL_EARLY_DATA
 unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *session)
 {
+    if (session == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
     return session->maxEarlyDataSz;
 }
 #endif /* WOLFSSL_EARLY_DATA */
diff --git a/tests/quic.c b/tests/quic.c
@@ -1675,6 +1675,9 @@ static int test_quic_early_data(int verbose) {
     QuicTestContext_free(&tclient);
     QuicTestContext_free(&tserver);
 
+    /* check for error value with null argument */
+    ExpectIntEQ(wolfSSL_SESSION_get_max_early_data(NULL), BAD_FUNC_ARG);
+
     /* QUIC requires 0 or 0xffffffff as only allowed values.
      * Since we enabled early data in the server that created the session,
      * we need to see it here. */

Original file line number	Diff line number	Diff line change
`@@ -3534,6 +3534,10 @@ int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses)`
`3534`	`3534`	`#ifdef WOLFSSL_EARLY_DATA`
`3535`	`3535`	`unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *session)`
`3536`	`3536`	`{`
	`3537`	`+ if (session == NULL) {`
	`3538`	`+ return BAD_FUNC_ARG;`
	`3539`	`+ }`
	`3540`	`+`
`3537`	`3541`	`return session->maxEarlyDataSz;`
`3538`	`3542`	`}`
`3539`	`3543`	`#endif /* WOLFSSL_EARLY_DATA */`