From a63dae5d078b24dc441e421a37fa7daf09fc4768 Mon Sep 17 00:00:00 2001
From: ejanchivdorj
Date: Mon, 24 May 2021 23:38:17 -0700
Subject: sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer

When the SecCertificateCopyCommonName function fails, it leaves common_name in a invalid state so CFStringCompare uses the invalid result, causing EXC_BAD_ACCESS. The fix is to check the return value of the function before using the name.

Closes #7126
---
 lib/vtls/sectransp.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index 4122384dd..edd375ea7 100644
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -1158,12 +1158,14 @@ static OSStatus CopyIdentityWithLabel(char *label,
 (SecIdentityRef) CFArrayGetValueAtIndex(keys_list, i);
 err = SecIdentityCopyCertificate(identity, &cert);
 if(err == noErr) {
+ OSStatus copy_status = noErr;
 #if CURL_BUILD_IOS
 common_name = SecCertificateCopySubjectSummary(cert);
 #elif CURL_BUILD_MAC_10_7
- SecCertificateCopyCommonName(cert, &common_name);
+ copy_status = SecCertificateCopyCommonName(cert, &common_name);
 #endif
- if(CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) {
+ if(copy_status == noErr &&
+ CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) {
 CFRelease(cert);
 CFRelease(common_name);
 CFRetain(identity);
--
cgit v1.2.1
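Review bot: The new guard protects only the `CURL_BUILD_MAC_10_7` branch. On the `CURL_BUILD_IOS` branch `copy_status` stays `noErr`, so if `SecCertificateCopySubjectSummary` returns NULL for a certificate without a usable subject, that NULL still reaches `CFStringCompare`. Testing the pointer as well covers both branches: `if(copy_status == noErr && common_name &&` followed by the existing `CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) {` line. The declaration of `common_name` and the rest of the loop body are outside the hunk, so it is not visible whether the variable is reset each iteration. Any `CFRelease(common_name)` on the no-match path should be checked against the same failure case, since the value comes from whatever certificates the keychain holds.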