From d4a30484a00e5223ba26bfd5e96c9c8c1f50eb16 Mon Sep 17 00:00:00 2001 From: "pneubeck@chromium.org" Date: Wed, 18 Sep 2013 13:00:14 +0000 Subject: ClientCertResolver: correctly handle a missing issuer cert. CERT_FindCertIssuer might return NULL, which was not correctly handled before. It's not clear if this case can ever occur in practice, but with this change we're on the safe side. BUG=291358 R=joaodasilva@chromium.org Review URL: https://codereview.chromium.org/23619075 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@223858 0039d316-1c4b-4281-b951-d872f2087c98 --- chromeos/network/client_cert_resolver.cc | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/chromeos/network/client_cert_resolver.cc b/chromeos/network/client_cert_resolver.cc index fcda9ba..998f75a 100644 --- a/chromeos/network/client_cert_resolver.cc +++ b/chromeos/network/client_cert_resolver.cc @@ -143,13 +143,18 @@ void FindCertificateMatches(const net::CertificateList& certs, !HasPrivateKey(cert)) { continue; } + net::X509Certificate::OSCertHandle issuer_handle = + CERT_FindCertIssuer(cert.os_cert_handle(), PR_Now(), certUsageAnyCA); + if (!issuer_handle) { + LOG(ERROR) << "Couldn't find an issuer."; + continue; + } scoped_refptr issuer = net::X509Certificate::CreateFromHandle( - CERT_FindCertIssuer( - cert.os_cert_handle(), PR_Now(), certUsageAnyCA), - net::X509Certificate::OSCertHandles()); + issuer_handle, + net::X509Certificate::OSCertHandles() /* no intermediate certs */); if (!issuer) { - LOG(ERROR) << "Couldn't find cert issuer."; + LOG(ERROR) << "Couldn't create issuer cert."; continue; } std::string pem_encoded_issuer; -- cgit v1.1