From 9f3d1f07d217f73ce93dc404319370fd768bb27d Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Thu, 15 Nov 2018 15:36:51 -0700
Subject: [PATCH] additional sanity checks

---
 src/internal.c | 3 ++-
 src/ssh.c      | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index d8276a4..183667b 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2329,7 +2329,8 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
         }
         /* Add a pad byte if the mpint has the MSB set. */
         if (ret == 0) {
-            if (ssh->handshake->primeGroup[0] & 0x80)
+            if (ssh->handshake->primeGroup != NULL &&
+                    ssh->handshake->primeGroup[0] & 0x80)
                 primeGroupPad = 1;
 
             /* Hash in the length of the GEX prime group. */
diff --git a/src/ssh.c b/src/ssh.c
index fbb56da..f167319 100644
--- a/src/ssh.c
+++ b/src/ssh.c
@@ -496,6 +496,10 @@ int wolfSSH_connect(WOLFSSH* ssh)
             /* no break */
 
         case CONNECT_SERVER_KEXINIT_DONE:
+            if (ssh->handshake == NULL) {
+                return WS_FATAL_ERROR;
+            }
+
             if (ssh->handshake->kexId == ID_DH_GEX_SHA256)
                 ssh->error = SendKexDhGexRequest(ssh);
             else