diff options
| author | ejanchivdorj <ejanchivdorj@tableau.com> | 2021-05-24 23:38:17 -0700 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2021-05-25 11:22:09 +0200 |
| commit | a63dae5d078b24dc441e421a37fa7daf09fc4768 (patch) | |
| tree | 8c84b13ed586c601471c54c47cdbadf6bf1edff0 | |
| parent | 643ec296456ba98c536857fce3ecfd021d44d913 (diff) | |
| download | curl-a63dae5d078b24dc441e421a37fa7daf09fc4768.tar.gz | |
sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer
When the SecCertificateCopyCommonName function fails, it leaves
common_name in a invalid state so CFStringCompare uses the invalid
result, causing EXC_BAD_ACCESS.
The fix is to check the return value of the function before using the
name.
Closes #7126
| -rw-r--r-- | lib/vtls/sectransp.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c index 4122384dd..edd375ea7 100644 --- a/lib/vtls/sectransp.c +++ b/lib/vtls/sectransp.c @@ -1158,12 +1158,14 @@ static OSStatus CopyIdentityWithLabel(char *label, (SecIdentityRef) CFArrayGetValueAtIndex(keys_list, i); err = SecIdentityCopyCertificate(identity, &cert); if(err == noErr) { + OSStatus copy_status = noErr; #if CURL_BUILD_IOS common_name = SecCertificateCopySubjectSummary(cert); #elif CURL_BUILD_MAC_10_7 - SecCertificateCopyCommonName(cert, &common_name); + copy_status = SecCertificateCopyCommonName(cert, &common_name); #endif - if(CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) { + if(copy_status == noErr && + CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) { CFRelease(cert); CFRelease(common_name); CFRetain(identity); |