Commit 71f0fb77 authored by Brad Fitzpatrick's avatar Brad Fitzpatrick

crypto/x509: don't crash with nil receiver in accessor method

Fixes #2600

R=golang-dev, agl, rsc
CC=golang-dev
https://golang.org/cl/5500064
parent 97853b46
...@@ -28,6 +28,9 @@ func NewCertPool() *CertPool { ...@@ -28,6 +28,9 @@ func NewCertPool() *CertPool {
// given certificate. If no such certificate can be found or the signature // given certificate. If no such certificate can be found or the signature
// doesn't match, it returns nil. // doesn't match, it returns nil.
func (s *CertPool) findVerifiedParents(cert *Certificate) (parents []int) { func (s *CertPool) findVerifiedParents(cert *Certificate) (parents []int) {
if s == nil {
return
}
var candidates []int var candidates []int
if len(cert.AuthorityKeyId) > 0 { if len(cert.AuthorityKeyId) > 0 {
......
...@@ -19,6 +19,7 @@ type verifyTest struct { ...@@ -19,6 +19,7 @@ type verifyTest struct {
roots []string roots []string
currentTime int64 currentTime int64
dnsName string dnsName string
nilRoots bool
errorCallback func(*testing.T, int, error) bool errorCallback func(*testing.T, int, error) bool
expectedChains [][]string expectedChains [][]string
...@@ -45,6 +46,14 @@ var verifyTests = []verifyTest{ ...@@ -45,6 +46,14 @@ var verifyTests = []verifyTest{
errorCallback: expectHostnameError, errorCallback: expectHostnameError,
}, },
{
leaf: googleLeaf,
intermediates: []string{thawteIntermediate},
nilRoots: true, // verifies that we don't crash
currentTime: 1302726541,
dnsName: "www.google.com",
errorCallback: expectAuthorityUnknown,
},
{ {
leaf: googleLeaf, leaf: googleLeaf,
intermediates: []string{thawteIntermediate}, intermediates: []string{thawteIntermediate},
...@@ -136,6 +145,9 @@ func TestVerify(t *testing.T) { ...@@ -136,6 +145,9 @@ func TestVerify(t *testing.T) {
DNSName: test.dnsName, DNSName: test.dnsName,
CurrentTime: time.Unix(test.currentTime, 0), CurrentTime: time.Unix(test.currentTime, 0),
} }
if test.nilRoots {
opts.Roots = nil
}
for j, root := range test.roots { for j, root := range test.roots {
ok := opts.Roots.AppendCertsFromPEM([]byte(root)) ok := opts.Roots.AppendCertsFromPEM([]byte(root))
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment