qsslsocket_mac - check that SecCertificateRef is not null

That's the only place there we can potentially pass a null pointer
to CFArrayAppendValue (all other calls are conditionally-protected).
This results in (surprise! ... ?) Objective-C exception (while we call
something that is a pure-C API). So far we cannot reproduce this crash and
can only speculate: probably this happens with invalid (can be either
really invalid or the result of our generic QSslCertificate's failure to read/
parse)) custom CA certificates appended to a QSslConfiguration object by
applications  using QSslSocket/QNAM. The fix will probably make a handshake to
fail, but this seems to be better than a crash anyway.

Task-number: QTBUG-58213
Change-Id: Ie4f9ab2138bc383adc9f9ed55ed61be2d3cf7020
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>

1 files changed, 4 insertions, 2 deletions

diff --git a/src/network/ssl/qsslsocket_mac.cpp b/src/network/ssl/qsslsocket_mac.cpp
index 78aceadb81..10f6fb4e41 100644
--- a/src/network/ssl/qsslsocket_mac.cpp
+++ b/src/network/ssl/qsslsocket_mac.cpp
@@ -1219,8 +1219,10 @@ bool QSslSocketBackendPrivate::verifyPeerTrust()
     QCFType<CFMutableArrayRef> certArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
     for (const QSslCertificate &cert : qAsConst(configuration.caCertificates)) {
         QCFType<CFDataRef> certData = cert.d->derData.toCFData();
-        QCFType<SecCertificateRef> certRef = SecCertificateCreateWithData(NULL, certData);
-        CFArrayAppendValue(certArray, certRef);
+        if (QCFType<SecCertificateRef> secRef = SecCertificateCreateWithData(NULL, certData))
+            CFArrayAppendValue(certArray, secRef);
+        else
+            qCWarning(lcSsl, "Failed to create SecCertificate from QSslCertificate");
     }
 
     SecTrustSetAnchorCertificates(trust, certArray);