darwinssl: handle long strings in TLS certs (follow-up)

- Fix handling certificate subjects that are already UTF-8 encoded.

Follow-up to b3b75d1 from two days ago. Since then a copy would be
skipped if the subject was already UTF-8, possibly resulting in a NULL
deref later on.

Ref: https://github.com/curl/curl/issues/1823
Ref: https://github.com/curl/curl/pull/1831

Closes https://github.com/curl/curl/pull/1836

1 files changed, 17 insertions, 2 deletions

diff --git a/lib/vtls/darwinssl.c b/lib/vtls/darwinssl.c
index d6503216a..b4747dcf2 100644
--- a/lib/vtls/darwinssl.c
+++ b/lib/vtls/darwinssl.c
@@ -910,11 +910,26 @@ static CURLcode CopyCertSubject(struct Curl_easy *data,
 {
   CFStringRef c = getsubject(cert);
   CURLcode result = CURLE_OK;
+  const char *direct;
   char *cbuf = NULL;
   *certp = NULL;
 
-  /* If subject is not UTF-8 then check if it can be converted */
-  if(!CFStringGetCStringPtr(c, kCFStringEncodingUTF8)) {
+  if(!c) {
+    failf(data, "SSL: invalid CA certificate subject");
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* If the subject is already available as UTF-8 encoded (ie 'direct') then
+     use that, else convert it. */
+  direct = CFStringGetCStringPtr(c, kCFStringEncodingUTF8);
+  if(direct) {
+    *certp = strdup(direct);
+    if(!*certp) {
+      failf(data, "SSL: out of memory");
+      result = CURLE_OUT_OF_MEMORY;
+    }
+  }
+  else {
     size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1;
     cbuf = calloc(cbuf_size, 1);
     if(cbuf) {