From 2037abc612ad18405ca6bebb8ce64a391c0c6a42 Mon Sep 17 00:00:00 2001
From: Gordon Tetlow
Date: Tue, 21 Apr 2020 15:53:08 +0000
Subject: [PATCH] Fix OpenSSL remote denial of service vulnerability.

Approved by: so
Security: FreeBSD-SA-20:11.openssl
Security: CVE-2020-1967
---
 crypto/openssl/ssl/t1_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c
index b482019c4c1..5287d10a2d0 100644
--- a/crypto/openssl/ssl/t1_lib.c
+++ b/crypto/openssl/ssl/t1_lib.c
@@ -2099,7 +2099,7 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
 sigalg = use_pc_sigalgs
 ? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i])
 : s->shared_sigalgs[i];
- if (sig_nid == sigalg->sigandhash)
+ if (sigalg != NULL && sig_nid == sigalg->sigandhash)
 return 1;
 }
 return 0;
--
2.45.0
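Review bot: The added `sigalg != NULL` guard in tls1_check_sig_alg carries no comment saying which arm of the ternary can yield NULL, so a later cleanup could drop it as redundant. From the visible lines it is presumably the `tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i])` arm, which looks up a peer-supplied value and apparently returns NULL when it does not recognise it. I would add `/* lookup returns NULL for a peer-sent sigalg we do not know; skip it */` directly above the `if`. The diffstat shows only t1_lib.c changed, so nothing in this commit exercises the unrecognised-value path; a regression test covering an unknown entry in the peer's list would keep the guard from regressing. The loop header and the start of the function lie outside the hunk, so any other dereference of `sigalg` cannot be checked from here.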