From b2caddc2ad6785096c5e0f5f75754bd79a0b2a66 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 20 Mar 2018 15:40:10 +0000
Subject: Avoid potentially calling strchr() on a NULL pointer in
 tls_config_set_ecdhecurve().

Spotted by Coverity.
---
 src/lib/libtls/tls_config.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 02f2b3c6e9..d32176fe6e 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.50 2018/03/19 16:34:47 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.51 2018/03/20 15:40:10 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -517,17 +517,16 @@ tls_config_set_dheparams(struct tls_config *config, const char *params)
 int
 tls_config_set_ecdhecurve(struct tls_config *config, const char *curve)
 {
-	if (strchr(curve, ',') != NULL || strchr(curve, ':') != NULL) {
+	if (curve == NULL ||
+	    strcasecmp(curve, "none") == 0 ||
+	    strcasecmp(curve, "auto") == 0) {
+		curve = TLS_ECDHE_CURVES;
+	} else if (strchr(curve, ',') != NULL || strchr(curve, ':') != NULL) {
 		tls_config_set_errorx(config, "invalid ecdhe curve '%s'",
 		    curve);
 		return (-1);
 	}
 
-	if (curve == NULL ||
-	    strcasecmp(curve, "none") == 0 ||
-	    strcasecmp(curve, "auto") == 0)
-		curve = TLS_ECDHE_CURVES;
-		
 	return tls_config_set_ecdhecurves(config, curve);
 }
 
-- 
cgit v1.2.3-55-g6feb