diff options
author | Carlos Martín Nieto <cmn@dwim.me> | 2016-08-05 18:40:37 +0200 |
---|---|---|
committer | Carlos Martín Nieto <cmn@dwim.me> | 2016-10-01 17:40:41 +0200 |
commit | b64722fd52113a0534527c7e0867d60f32783ba3 (patch) | |
tree | 475de4627068d415c04365eef18697a7c3c6b24f | |
parent | 1fafead53a57d8951e21907cd6bc0d9b8c7a6ffd (diff) | |
download | libgit2-b64722fd52113a0534527c7e0867d60f32783ba3.tar.gz |
SecureTransport: handle NULL trust on success
The `SSLCopyPeerTrust` call can succeed but fail to return a trust
object if it can't load the certificate chain and thus cannot check the
validity of a certificate. This can lead to us calling `CFRelease` on a
`NULL` trust object, causing a crash.
Handle this by returning ECERTIFICATE.
-rw-r--r-- | src/stransport_stream.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/stransport_stream.c b/src/stransport_stream.c index 832f66b45..2a13fb55b 100644 --- a/src/stransport_stream.c +++ b/src/stransport_stream.c @@ -67,6 +67,9 @@ int stransport_connect(git_stream *stream) if ((ret = SSLCopyPeerTrust(st->ctx, &trust)) != noErr) goto on_error; + if (!trust) + return GIT_ECERTIFICATE; + if ((ret = SecTrustEvaluate(trust, &sec_res)) != noErr) goto on_error; |