Check for SSLOptions structure when SSL protocol prefix is used #334

src/MQTTAsync.c

 /*******************************************************************************
- * Copyright (c) 2009, 2017 IBM Corp.
+ * Copyright (c) 2009, 2018 IBM Corp.
  *
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
@@ -33,6 +33,7 @@
  *    Ian Craggs - SNI support
  *    Ian Craggs - auto reconnect timing fix #218
  *    Ian Craggs - fix for issue #190
+ *    Ian Craggs - check for NULL SSL options #334
  *******************************************************************************/
 
 /**
@@ -2254,6 +2255,15 @@ int MQTTAsync_connect(MQTTAsync handle, const MQTTAsync_connectOptions* options)
 		rc = MQTTASYNC_BAD_STRUCTURE;
 		goto exit;
 	}
+
+#if defined(OPENSSL)
+	if (m->ssl && options->ssl == NULL)
+	{
+		rc = MQTTCLIENT_NULL_PARAMETER;
+		goto exit;
+	}
+#endif
+
 	if (options->will) /* check validity of will options structure */
 	{
 		if (strncmp(options->will->struct_id, "MQTW", 4) != 0 || (options->will->struct_version != 0 && options->will->struct_version != 1))

src/MQTTClient.c

 /*******************************************************************************
- * Copyright (c) 2009, 2017 IBM Corp.
+ * Copyright (c) 2009, 2018 IBM Corp.
  *
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
@@ -32,6 +32,7 @@
  *    Ian Craggs - SNI support, message queue unpersist bug
  *    Ian Craggs - binary will message support
  *    Ian Craggs - waitforCompletion fix #240
+ *    Ian Craggs - check for NULL SSL options #334
  *******************************************************************************/
 
 /**
@@ -1171,6 +1172,14 @@ int MQTTClient_connect(MQTTClient handle, MQTTClient_connectOptions* options)
 		goto exit;
 	}
 
+#if defined(OPENSSL)
+	if (m->ssl && options->ssl == NULL)
+	{
+		rc = MQTTCLIENT_NULL_PARAMETER;
+		goto exit;
+	}
+#endif
+
 	if (options->will) /* check validity of will options structure */
 	{
 		if (strncmp(options->will->struct_id, "MQTW", 4) != 0 || (options->will->struct_version != 0 && options->will->struct_version != 1))
@@ -1180,6 +1189,7 @@ int MQTTClient_connect(MQTTClient handle, MQTTClient_connectOptions* options)
 		}
 	}
 
+
 #if defined(OPENSSL)
 	if (options->struct_version != 0 && options->ssl) /* check validity of SSL options structure */
 	{

test/test3.c

 /*******************************************************************************
- * Copyright (c) 2012, 2017 IBM Corp.
+ * Copyright (c) 2012, 2018 IBM Corp.
  *
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
@@ -12,6 +12,7 @@
  *
  * Contributors:
  *    Allan Stockdill-Mander - initial API and implementation and/or initial documentation
+ *    Ian Craggs - add SSL options NULL test
  *******************************************************************************/
 
 /**
@@ -584,6 +585,10 @@ int test1(struct Options options)
 		opts.serverURIcount = options.hacount;
 	}
 
+	/* Try with ssl opts == NULL - should get error */
+	rc = MQTTClient_connect(c, &opts);
+	assert("Connect should fail", rc == MQTTCLIENT_NULL_PARAMETER, "rc was %d ", rc);
+
 	opts.ssl = &sslopts;
 	if (options.server_key_file != NULL)
 		opts.ssl->trustStore = options.server_key_file; /*file of certificates trusted by client*/

test/test5.c

 /*******************************************************************************
- * Copyright (c) 2012, 2017 IBM Corp.
+ * Copyright (c) 2012, 2018 IBM Corp.
  *
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
@@ -637,6 +637,9 @@ int test1(struct Options options)
 	opts.onFailure = test1OnFailure;
 	opts.context = c;
 
+	rc = MQTTAsync_connect(c, &opts);
+	assert("Bad rc from connect", rc == MQTTASYNC_NULL_PARAMETER, "rc was %d ", rc);
+
 	opts.ssl = &sslopts;
 	opts.ssl->enableServerCertAuth = 0;