From 324f72ec9c6e77ec4bd215f6d19cd7b7c6e57c58 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek <andrzej.kurek@arm.com>
Date: Wed, 29 Sep 2021 04:21:21 -0400
Subject: [PATCH] Fix a bug where the ssl context is used after it's nullified
 When not using DEBUG_C, but using the DTLS CID feature - a null pointer was
 accessed in ssl_tls.c. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

---
 library/ssl_tls.c    |  5 +++--
 tests/scripts/all.sh | 12 ++++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f16157a528..821506ff77 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -693,8 +693,9 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
     const mbedtls_cipher_info_t *cipher_info;
     const mbedtls_md_info_t *md_info;
 
-#if !defined(MBEDTLS_DEBUG_C)
-    ssl = NULL; /* make sure we don't use it except for this case */
+#if !defined(MBEDTLS_DEBUG_C) && \
+    !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+    ssl = NULL; /* make sure we don't use it except for these cases */
     (void) ssl;
 #endif
 
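Review bot: The rewritten comment on the `ssl = NULL;` line says "these cases" without naming them, and the guard is only correct while its `#if` condition lists every configuration in which the function body reads `ssl`. A use added later under another feature macro would compile cleanly and dereference NULL at run time, which is the failure this commit fixes for MBEDTLS_SSL_DTLS_CONNECTION_ID. I would spell the contract out in the comment, e.g. `/* ssl is only read when MBEDTLS_DEBUG_C or MBEDTLS_SSL_DTLS_CONNECTION_ID is defined; extend this condition whenever a new use is added */`. The uses themselves sit in the part of ssl_tls12_populate_transform outside this hunk, so the condition should be checked against the full body.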
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index f30795c226..00939a7386 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2083,6 +2083,18 @@ component_test_variable_ssl_in_out_buffer_len_CID () {
     tests/compat.sh
 }
 
+component_test_CID_no_debug() {
+    msg "build: Connection ID enabled, debug disabled"
+    scripts/config.py unset MBEDTLS_DEBUG_C
+    scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID
+
+    CC=gcc cmake .
+    make
+
+    msg "test: Connection ID enabled, debug disabled"
+    make test
+}
+
 component_test_ssl_alloc_buffer_and_mfl () {
     msg "build: default config with memory buffer allocator and MFL extension"
     scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
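Review bot: `component_test_CID_no_debug` stops at `make test`, so the regression is covered only if that target reaches the CID code in `ssl_tls12_populate_transform` with a connection ID configured, which cannot be confirmed from this hunk. The neighbouring component finishes with a handshake-level script (`tests/compat.sh`); running the DTLS Connection ID handshake tests after `make test` would pin the fix to the path that crashed. As a style point, the sibling definitions put a space before the parentheses, so the header would read `component_test_CID_no_debug () {`.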