Fix NULL pointer dereference in wolfSSH_SetTpmDev/SetTpmKey

LinuxJedi · LinuxJedi · commit 82b9f1138dfa · 2026-02-23T10:23:26.000Z
Move the NULL validation checks inside the existing NULL guards for
ssh and ssh-&gt;ctx. Previously, the check accessed ssh-&gt;ctx outside
the guard, causing a NULL dereference when ssh or ssh-&gt;ctx was NULL.
Also fix wolfSSH_SetTpmKey to check tpmKey instead of tpmDev.
diff --git a/src/ssh.c b/src/ssh.c
@@ -405,11 +405,12 @@ void wolfSSH_SetTpmDev(WOLFSSH* ssh, WOLFTPM2_DEV* dev)
 {
     WLOG(WS_LOG_DEBUG, "Entering wolfSSH_SetTpmDev()");
 
-    if (ssh && ssh->ctx)
+    if (ssh && ssh->ctx) {
         ssh->ctx->tpmDev = dev;
 
-    if (ssh->ctx->tpmDev == NULL) {
-        WLOG(WS_LOG_DEBUG, "wolfSSH_SetTpmDev: Set tpm dev failed");
+        if (ssh->ctx->tpmDev == NULL) {
+            WLOG(WS_LOG_DEBUG, "wolfSSH_SetTpmDev: Set tpm dev failed");
+        }
     }
 }
 
@@ -418,11 +419,12 @@ void wolfSSH_SetTpmKey(WOLFSSH* ssh, WOLFTPM2_KEY* key)
 {
     WLOG(WS_LOG_DEBUG, "Entering wolfSSH_SetTpmKey()");
 
-    if (ssh && ssh->ctx)
+    if (ssh && ssh->ctx) {
         ssh->ctx->tpmKey = key;
 
-    if (ssh->ctx->tpmDev == NULL) {
-        WLOG(WS_LOG_DEBUG, "wolfSSH_SetTpmKey: Set tpm key failed");
+        if (ssh->ctx->tpmKey == NULL) {
+            WLOG(WS_LOG_DEBUG, "wolfSSH_SetTpmKey: Set tpm key failed");
+        }
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -405,11 +405,12 @@ void wolfSSH_SetTpmDev(WOLFSSH* ssh, WOLFTPM2_DEV* dev)`
`405`	`405`	`{`
`406`	`406`	`WLOG(WS_LOG_DEBUG, "Entering wolfSSH_SetTpmDev()");`
`407`	`407`
`408`		`- if (ssh && ssh->ctx)`
	`408`	`+ if (ssh && ssh->ctx) {`
`409`	`409`	`ssh->ctx->tpmDev = dev;`
`410`	`410`
`411`		`- if (ssh->ctx->tpmDev == NULL) {`
`412`		`- WLOG(WS_LOG_DEBUG, "wolfSSH_SetTpmDev: Set tpm dev failed");`
	`411`	`+ if (ssh->ctx->tpmDev == NULL) {`
	`412`	`+ WLOG(WS_LOG_DEBUG, "wolfSSH_SetTpmDev: Set tpm dev failed");`
	`413`	`+ }`
`413`	`414`	`}`
`414`	`415`	`}`
`415`	`416`
`@@ -418,11 +419,12 @@ void wolfSSH_SetTpmKey(WOLFSSH* ssh, WOLFTPM2_KEY* key)`
`418`	`419`	`{`
`419`	`420`	`WLOG(WS_LOG_DEBUG, "Entering wolfSSH_SetTpmKey()");`
`420`	`421`
`421`		`- if (ssh && ssh->ctx)`
	`422`	`+ if (ssh && ssh->ctx) {`
`422`	`423`	`ssh->ctx->tpmKey = key;`
`423`	`424`
`424`		`- if (ssh->ctx->tpmDev == NULL) {`
`425`		`- WLOG(WS_LOG_DEBUG, "wolfSSH_SetTpmKey: Set tpm key failed");`
	`425`	`+ if (ssh->ctx->tpmKey == NULL) {`
	`426`	`+ WLOG(WS_LOG_DEBUG, "wolfSSH_SetTpmKey: Set tpm key failed");`
	`427`	`+ }`
`426`	`428`	`}`
`427`	`429`	`}`
`428`	`430`