crypto/x509: don't crash with nil receiver in accessor method

Fixes #2600 R=golang-dev, agl, rsc CC=golang-dev https://golang.org/cl/5500064

crypto/x509: don't crash with nil receiver in accessor method
Fixes #2600 R=golang-dev, agl, rsc CC=golang-dev https://golang.org/cl/5500064
71f0fb77 · Brad Fitzpatrick · 97853b46 · 71f0fb77 · 71f0fb77
Commit 71f0fb77 authored Dec 21, 2011 by Brad Fitzpatrick
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 0 deletions

cert_pool.go src/pkg/crypto/x509/cert_pool.go +3 -0

verify_test.go src/pkg/crypto/x509/verify_test.go +12 -0

No files found.
--- a/src/pkg/crypto/x509/cert_pool.go
+++ b/src/pkg/crypto/x509/cert_pool.go
@@ -28,6 +28,9 @@ func NewCertPool() *CertPool {
 // given certificate. If no such certificate can be found or the signature
 // doesn't match, it returns nil.
 func (s *CertPool) findVerifiedParents(cert *Certificate) (parents []int) {
+	if s == nil {
+		return
+	}
 	var candidates []int

 	if len(cert.AuthorityKeyId) > 0 {

--- a/src/pkg/crypto/x509/verify_test.go
+++ b/src/pkg/crypto/x509/verify_test.go
@@ -19,6 +19,7 @@ type verifyTest struct {
 	roots         []string
 	currentTime   int64
 	dnsName       string
+	nilRoots      bool

 	errorCallback  func(*testing.T, int, error) bool
 	expectedChains [][]string
@@ -45,6 +46,14 @@ var verifyTests = []verifyTest{

 		errorCallback: expectHostnameError,
 	},
+	{
+		leaf:          googleLeaf,
+		intermediates: []string{thawteIntermediate},
+		nilRoots:      true, // verifies that we don't crash
+		currentTime:   1302726541,
+		dnsName:       "www.google.com",
+		errorCallback: expectAuthorityUnknown,
+	},
 	{
 		leaf:          googleLeaf,
 		intermediates: []string{thawteIntermediate},
@@ -136,6 +145,9 @@ func TestVerify(t *testing.T) {
 			DNSName:       test.dnsName,
 			CurrentTime:   time.Unix(test.currentTime, 0),
 		}
+		if test.nilRoots {
+			opts.Roots = nil
+		}

 		for j, root := range test.roots {
 			ok := opts.Roots.AppendCertsFromPEM([]byte(root))