diff options
author | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2017-06-09 16:08:40 +0200 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2017-06-13 04:33:54 +0000 |
commit | 96955dbe10b9b67330cc72fc9a2e016a5d7c4a82 (patch) | |
tree | 2002f6b8a93c6a6d512dd42cdfd2bf5b0de06b66 /src/network/ssl | |
parent | 26fd805f500acfdcf730f2488a66e18c72d0ff9a (diff) |
qsslsocket_mac - check that SecCertificateRef is not null
That's the only place there we can potentially pass a null pointer
to CFArrayAppendValue (all other calls are conditionally-protected).
This results in (surprise! ... ?) Objective-C exception (while we call
something that is a pure-C API). So far we cannot reproduce this crash and
can only speculate: probably this happens with invalid (can be either
really invalid or the result of our generic QSslCertificate's failure to read/
parse)) custom CA certificates appended to a QSslConfiguration object by
applications using QSslSocket/QNAM. The fix will probably make a handshake to
fail, but this seems to be better than a crash anyway.
Task-number: QTBUG-58213
Change-Id: Ie4f9ab2138bc383adc9f9ed55ed61be2d3cf7020
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/network/ssl')
-rw-r--r-- | src/network/ssl/qsslsocket_mac.cpp | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp index 78aceadb81..10f6fb4e41 100644 --- a/src/network/ssl/qsslsocket_mac.cpp +++ b/src/network/ssl/qsslsocket_mac.cpp @@ -1219,8 +1219,10 @@ bool QSslSocketBackendPrivate::verifyPeerTrust() QCFType<CFMutableArrayRef> certArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); for (const QSslCertificate &cert : qAsConst(configuration.caCertificates)) { QCFType<CFDataRef> certData = cert.d->derData.toCFData(); - QCFType<SecCertificateRef> certRef = SecCertificateCreateWithData(NULL, certData); - CFArrayAppendValue(certArray, certRef); + if (QCFType<SecCertificateRef> secRef = SecCertificateCreateWithData(NULL, certData)) + CFArrayAppendValue(certArray, secRef); + else + qCWarning(lcSsl, "Failed to create SecCertificate from QSslCertificate"); } SecTrustSetAnchorCertificates(trust, certArray); |