Check cert_handle_ is not NULL to Verify()

If X509Certificate is created in URLRequestAutomationJob or URLRequestInterceptJob, cert_handle_ is NULL. So if such certificate is being to be verified (not sure it happens), it would cause crash or some problem. BUG=15614 TEST=none Review URL: http://codereview.chromium.org/329036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30319 0039d316-1c4b-4281-b951-d872f2087c98

Check cert_handle_ is not NULL to Verify()
If X509Certificate is created in URLRequestAutomationJob or URLRequestInterceptJob, cert_handle_ is NULL. So if such certificate is being to be verified (not sure it happens), it would cause crash or some problem. BUG=15614 TEST=none Review URL: http://codereview.chromium.org/329036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30319 0039d316-1c4b-4281-b951-d872f2087c98
1dc1dffc · ukai@chromium.org · 1f410001 · 1dc1dffc
Commit 1dc1dffc authored Oct 28, 2009 by ukai@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 10 deletions

net/base/x509_certificate_win.cc net/base/x509_certificate_win.cc +18 -10

No files found.
--- a/net/base/x509_certificate_win.cc
+++ b/net/base/x509_certificate_win.cc
@@ -436,6 +436,7 @@ void X509Certificate::Initialize() {
  std::wstring subject_info;
  std::wstring issuer_info;
  DWORD name_size;
+  DCHECK(cert_handle_);
  name_size = CertNameToStr(cert_handle_->dwCertEncodingType,
                            &cert_handle_->pCertInfo->Subject,
                            CERT_X500_NAME_STR | CERT_NAME_STR_CRLF_FLAG,
@@ -484,6 +485,7 @@ X509Certificate* X509Certificate::CreateFromPickle(const Pickle& pickle,
 }

 void X509Certificate::Persist(Pickle* pickle) {
+  DCHECK(cert_handle_);
  DWORD length;
  if (!CertSerializeCertificateStoreElement(cert_handle_, 0,
      NULL, &length)) {
@@ -501,16 +503,19 @@ void X509Certificate::Persist(Pickle* pickle) {

 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const {
  dns_names->clear();
-  scoped_ptr_malloc<CERT_ALT_NAME_INFO> alt_name_info;
-  GetCertSubjectAltName(cert_handle_, &alt_name_info);
-  CERT_ALT_NAME_INFO* alt_name = alt_name_info.get();
-  if (alt_name) {
-    int num_entries = alt_name->cAltEntry;
-    for (int i = 0; i < num_entries; i++) {
-      // dNSName is an ASN.1 IA5String representing a string of ASCII
-      // characters, so we can use WideToASCII here.
-      if (alt_name->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME)
-        dns_names->push_back(WideToASCII(alt_name->rgAltEntry[i].pwszDNSName));
+  if (cert_handle_) {
+    scoped_ptr_malloc<CERT_ALT_NAME_INFO> alt_name_info;
+    GetCertSubjectAltName(cert_handle_, &alt_name_info);
+    CERT_ALT_NAME_INFO* alt_name = alt_name_info.get();
+    if (alt_name) {
+      int num_entries = alt_name->cAltEntry;
+      for (int i = 0; i < num_entries; i++) {
+        // dNSName is an ASN.1 IA5String representing a string of ASCII
+        // characters, so we can use WideToASCII here.
+        if (alt_name->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME)
+          dns_names->push_back(
+              WideToASCII(alt_name->rgAltEntry[i].pwszDNSName));
+      }
    }
  }
  if (dns_names->empty())
@@ -521,6 +526,8 @@ int X509Certificate::Verify(const std::string& hostname,
                            int flags,
                            CertVerifyResult* verify_result) const {
  verify_result->Reset();
+  if (!cert_handle_)
+    return ERR_UNEXPECTED;

  // Build and validate certificate chain.

@@ -671,6 +678,7 @@ int X509Certificate::Verify(const std::string& hostname,
 // of the EV Certificate Guidelines Version 1.0 at
 // http://cabforum.org/EV_Certificate_Guidelines.pdf.
 bool X509Certificate::VerifyEV() const {
+  DCHECK(cert_handle_);
  net::EVRootCAMetadata* metadata = net::EVRootCAMetadata::GetInstance();

  PCCERT_CHAIN_CONTEXT chain_context = ConstructCertChain(cert_handle_,