qsslsocket_mac - check that SecCertificateRef is not null

That's the only place there we can potentially pass a null pointer to CFArrayAppendValue (all other calls are conditionally-protected). This results in (surprise! ... ?) Objective-C exception (while we call something that is a pure-C API). So far we cannot reproduce this crash and can only speculate: probably this happens with invalid (can be either really invalid or the result of our generic QSslCertificate's failure to read/ parse)) custom CA certificates appended to a QSslConfiguration object by applications using QSslSocket/QNAM. The fix will probably make a handshake to fail, but this seems to be better than a crash anyway. Task-number: QTBUG-58213 Change-Id: Ie4f9ab2138bc383adc9f9ed55ed61be2d3cf7020 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
2017-06-09 16:08:40 +02:00 · 2017-06-09 16:08:40 +02:00 · 96955dbe10
commit 96955dbe10
parent 26fd805f50
1 changed files with 4 additions and 2 deletions
--- a/src/network/ssl/qsslsocket_mac.cpp
+++ b/src/network/ssl/qsslsocket_mac.cpp
@ -1219,8 +1219,10 @@ bool QSslSocketBackendPrivate::verifyPeerTrust()
    QCFType<CFMutableArrayRef> certArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    for (const QSslCertificate &cert : qAsConst(configuration.caCertificates)) {
        QCFType<CFDataRef> certData = cert.d->derData.toCFData();
-        QCFType<SecCertificateRef> certRef = SecCertificateCreateWithData(NULL, certData);
-        CFArrayAppendValue(certArray, certRef);
+        if (QCFType<SecCertificateRef> secRef = SecCertificateCreateWithData(NULL, certData))
+            CFArrayAppendValue(certArray, secRef);
+        else
+            qCWarning(lcSsl, "Failed to create SecCertificate from QSslCertificate");
    }

    SecTrustSetAnchorCertificates(trust, certArray);