Closed icy17 closed 6 months ago
The dtls_ctx
was created earlier.
SSL_CTX* dtls_ctx;
#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2
dtls_ctx = SSL_CTX_new(DTLSv1_method());
#else
if (version == SrsDtlsVersion1_0) {
if (role == "active") {
dtls_ctx = SSL_CTX_new(DTLSv1_client_method());
} else {
dtls_ctx = SSL_CTX_new(DTLSv1_server_method());
}
} else if (version == SrsDtlsVersion1_2) {
if (role == "active") {
dtls_ctx = SSL_CTX_new(DTLS_client_method());
} else {
dtls_ctx = SSL_CTX_new(DTLS_server_method());
}
} else {
// SrsDtlsVersionAuto, use version-flexible DTLS methods
dtls_ctx = SSL_CTX_new(DTLS_method());
}
#endif
If the dtls_ctx
creation fails, it's a serious error, usually due to insufficient memory. If the allocation fails, there will be a null pointer when it's used later. If we have to check for null every time, it would make the code very hard to maintain. Instead, for these kinds of irrecoverable errors, we generally use assert
.
SSL_CTX* dtls_ctx;
#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2
dtls_ctx = SSL_CTX_new(DTLSv1_method());
#endif
srs_assert(dtls_ctx);
This way, we don't have to check for null all the time, which makes the code much easier to read and maintain.
Feel free to submit a patch.
TRANS_BY_GPT4
Describe the bug In trunk/src/app/srs_app_rtc_dtls.cpp: 159, calling SSL_CTX_set_cipher_list without checking the parameter 1 might cause a null dereference.
Version master
Expected behavior It's better to add a check before using the pointer.