summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCarlos Martín Nieto <cmn@dwim.me>2016-08-05 18:40:37 +0200
committerCarlos Martín Nieto <cmn@dwim.me>2016-10-01 17:40:41 +0200
commitb64722fd52113a0534527c7e0867d60f32783ba3 (patch)
tree475de4627068d415c04365eef18697a7c3c6b24f
parent1fafead53a57d8951e21907cd6bc0d9b8c7a6ffd (diff)
downloadlibgit2-b64722fd52113a0534527c7e0867d60f32783ba3.tar.gz
SecureTransport: handle NULL trust on success
The `SSLCopyPeerTrust` call can succeed but fail to return a trust object if it can't load the certificate chain and thus cannot check the validity of a certificate. This can lead to us calling `CFRelease` on a `NULL` trust object, causing a crash. Handle this by returning ECERTIFICATE.
-rw-r--r--src/stransport_stream.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/stransport_stream.c b/src/stransport_stream.c
index 832f66b45..2a13fb55b 100644
--- a/src/stransport_stream.c
+++ b/src/stransport_stream.c
@@ -67,6 +67,9 @@ int stransport_connect(git_stream *stream)
if ((ret = SSLCopyPeerTrust(st->ctx, &trust)) != noErr)
goto on_error;
+ if (!trust)
+ return GIT_ECERTIFICATE;
+
if ((ret = SecTrustEvaluate(trust, &sec_res)) != noErr)
goto on_error;