From c70b3f297eae57f74eb2feb5c6599d60e8c01bde Mon Sep 17 00:00:00 2001
From: Marco Oliverio <marco@wolfssl.com>
Date: Thu, 7 Sep 2023 12:42:25 +0000
Subject: [PATCH] fix: tls13: don't use stale suites pointers in
 CheckPreSharedKeys

---
 src/tls13.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/tls13.c b/src/tls13.c
index 45555faab..d0765a470 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -6064,7 +6064,7 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
     int    first = 0;
 #ifndef WOLFSSL_PSK_ONE_ID
     int    i;
-    const Suites* suites = WOLFSSL_SUITES(ssl);
+    const Suites* suites;
 #else
     byte   suite[2];
 #endif
@@ -6102,7 +6102,8 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
 
     /* Refine list for PSK processing. */
     RefineSuites(ssl, clSuites);
-
+    /* set after refineSuites, to avoid taking a stale ptr to ctx->Suites */
+    suites = WOLFSSL_SUITES(ssl);
 #ifndef WOLFSSL_PSK_ONE_ID
     if (usingPSK == NULL)
         return BAD_FUNC_ARG;