From b42553e52a45726e6d4e2148cab77784cce07947 Mon Sep 17 00:00:00 2001
From: Kenneth Anthony Giusti <kgiusti@apache.org>
Date: Thu, 23 May 2013 21:34:08 +0000
Subject: QPID-4883: check for null pointer when parsing certificate CommonName

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1485860 13f79535-47bb-0310-9956-ffa450edef68
---
 qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp b/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
index a328e49c13..a721918f57 100644
--- a/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
+++ b/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
@@ -336,16 +336,19 @@ std::string SslSocket::getClientAuthId() const
     std::string authId;
     CERTCertificate* cert = SSL_PeerCertificate(nssSocket);
     if (cert) {
-        authId = CERT_GetCommonName(&(cert->subject));
-        /*
-         * The NSS function CERT_GetDomainComponentName only returns
-         * the last component of the domain name, so we have to parse
-         * the subject manually to extract the full domain.
-         */
-        std::string domain = getDomainFromSubject(cert->subjectName);
-        if (!domain.empty()) {
-            authId += DOMAIN_SEPARATOR;
-            authId += domain;
+        char *cn = CERT_GetCommonName(&(cert->subject));
+        if (cn) {
+            authId = std::string(cn);
+            /*
+             * The NSS function CERT_GetDomainComponentName only returns
+             * the last component of the domain name, so we have to parse
+             * the subject manually to extract the full domain.
+             */
+            std::string domain = getDomainFromSubject(cert->subjectName);
+            if (!domain.empty()) {
+                authId += DOMAIN_SEPARATOR;
+                authId += domain;
+            }
         }
         CERT_DestroyCertificate(cert);
     }
-- 
cgit v1.2.1