curl/curl
1
1
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-09-19 02:22:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer

Browse Source 
When the SecCertificateCopyCommonName function fails, it leaves
common_name in a invalid state so CFStringCompare uses the invalid
result, causing EXC_BAD_ACCESS.

The fix is to check the return value of the function before using the
name.

Closes #7126
This commit is contained in:
ejanchivdorj 2021-05-24 23:38:17 -07:00 committed by Daniel Stenberg
parent 643ec29645
commit a63dae5d07
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/vtls/sectransp.c
View File

@ -1158,12 +1158,14 @@ static OSStatus CopyIdentityWithLabel(char *label,
(SecIdentityRef) CFArrayGetValueAtIndex(keys_list, i); (SecIdentityRef) CFArrayGetValueAtIndex(keys_list, i);
err = SecIdentityCopyCertificate(identity, &cert); err = SecIdentityCopyCertificate(identity, &cert);
if(err == noErr) { if(err == noErr) {
OSStatus copy_status = noErr;
#if CURL_BUILD_IOS #if CURL_BUILD_IOS
common_name = SecCertificateCopySubjectSummary(cert); common_name = SecCertificateCopySubjectSummary(cert);
#elif CURL_BUILD_MAC_10_7 #elif CURL_BUILD_MAC_10_7
SecCertificateCopyCommonName(cert, &common_name); copy_status = SecCertificateCopyCommonName(cert, &common_name);
#endif #endif
if(CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) { if(copy_status == noErr &&
CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) {
CFRelease(cert); CFRelease(cert);
CFRelease(common_name); CFRelease(common_name);
CFRetain(identity); CFRetain(identity);