From fe83733a7cef9a7ff68e89c69462f6eea0ab1f5b Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 6 Mar 2023 12:10:50 +0100
Subject: [PATCH] kex: Avoid NULL pointer dereference (GHSL-2023-032)

Thanks Phil Turnbull from Github

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/kex.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/kex.c b/src/kex.c
index bf1388e7..4ee31c20 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -330,6 +330,10 @@ static int cmp_first_kex_algo(const char *client_str,
 
     int is_wrong = 1;
 
+    if (client_str == NULL || server_str == NULL) {
+        return is_wrong;
+    }
+
     colon = strchr(client_str, ',');
     if (colon == NULL) {
         client_kex_len = strlen(client_str);