From b86145e6cdc71624490e0cc7b25635f8f394ea3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Tue, 23 Jun 2015 14:11:39 +0200
Subject: [PATCH] Avoid potential NULL dereference.

May happen with a faulty configuration (eg no allowed curve but trying to use
ECDHE key exchange), but not trigger able remotely.

(Found with Clang's scan-build.)
---
 library/ssl_srv.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index c5e1c4e9a..09431ce62 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2647,7 +2647,6 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
          * } ServerECDHParams;
          */
         const mbedtls_ecp_curve_info **curve = NULL;
-#if defined(MBEDTLS_ECP_C)
         const mbedtls_ecp_group_id *gid;
 
         /* Match our preference list against the offered curves */
@@ -2657,11 +2656,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl )
                     goto curve_matching_done;
 
 curve_matching_done:
-#else
-        curve = ssl->handshake->curves;
-#endif
-
-        if( *curve == NULL )
+        if( curve == NULL || *curve == NULL )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "no matching curve for ECDHE" ) );
             return( MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN );