ClientCertResolver: correctly handle a missing issuer cert.

CERT_FindCertIssuer might return NULL, which was not correctly handled before.
It's not clear if this case can ever occur in practice, but with this change we're on the safe side.

BUG=291358
R=joaodasilva@chromium.org

Review URL: https://codereview.chromium.org/23619075

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@223858 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 9 insertions, 4 deletions

diff --git a/chromeos/network/client_cert_resolver.cc b/chromeos/network/client_cert_resolver.cc
index fcda9ba..998f75a 100644
--- a/chromeos/network/client_cert_resolver.cc
+++ b/chromeos/network/client_cert_resolver.cc
@@ -143,13 +143,18 @@ void FindCertificateMatches(const net::CertificateList& certs,
         !HasPrivateKey(cert)) {
       continue;
     }
+    net::X509Certificate::OSCertHandle issuer_handle =
+        CERT_FindCertIssuer(cert.os_cert_handle(), PR_Now(), certUsageAnyCA);
+    if (!issuer_handle) {
+      LOG(ERROR) << "Couldn't find an issuer.";
+      continue;
+    }
     scoped_refptr<net::X509Certificate> issuer =
         net::X509Certificate::CreateFromHandle(
-            CERT_FindCertIssuer(
-                cert.os_cert_handle(), PR_Now(), certUsageAnyCA),
-            net::X509Certificate::OSCertHandles());
+            issuer_handle,
+            net::X509Certificate::OSCertHandles() /* no intermediate certs */);
     if (!issuer) {
-      LOG(ERROR) << "Couldn't find cert issuer.";
+      LOG(ERROR) << "Couldn't create issuer cert.";
       continue;
     }
     std::string pem_encoded_issuer;