]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 97853b4)
crypto/x509: don't crash with nil receiver in accessor method
authorBrad Fitzpatrick <bradfitz@golang.org>
Wed, 21 Dec 2011 18:49:35 +0000 (10:49 -0800)
committerBrad Fitzpatrick <bradfitz@golang.org>
Wed, 21 Dec 2011 18:49:35 +0000 (10:49 -0800)
Fixes #2600

R=golang-dev, agl, rsc
CC=golang-dev
https://golang.org/cl/5500064

src/pkg/crypto/x509/cert_pool.go patch | blob | history
src/pkg/crypto/x509/verify_test.go patch | blob | history

diff --git a/src/pkg/crypto/x509/cert_pool.go b/src/pkg/crypto/x509/cert_pool.go
index adc7f9bc6d76e09bacbefd4703f9235b12f94756..5a0a87678e37336d238c23f222e89e1bbba05b45 100644 (file)
--- a/src/pkg/crypto/x509/cert_pool.go
+++ b/src/pkg/crypto/x509/cert_pool.go
@@ -28,6 +28,9 @@ func NewCertPool() *CertPool {
 // given certificate. If no such certificate can be found or the signature
 // doesn't match, it returns nil.
 func (s *CertPool) findVerifiedParents(cert *Certificate) (parents []int) {
+       if s == nil {
+               return
+       }
        var candidates []int
 
        if len(cert.AuthorityKeyId) > 0 {
diff --git a/src/pkg/crypto/x509/verify_test.go b/src/pkg/crypto/x509/verify_test.go
index df5443023ff9923d1633cb2df7e609309aaefe67..2016858307e275e8ec3f81d6d7be1d9dfd07545b 100644 (file)
--- a/src/pkg/crypto/x509/verify_test.go
+++ b/src/pkg/crypto/x509/verify_test.go
@@ -19,6 +19,7 @@ type verifyTest struct {
        roots         []string
        currentTime   int64
        dnsName       string
+       nilRoots      bool
 
        errorCallback  func(*testing.T, int, error) bool
        expectedChains [][]string
@@ -45,6 +46,14 @@ var verifyTests = []verifyTest{
 
                errorCallback: expectHostnameError,
        },
+       {
+               leaf:          googleLeaf,
+               intermediates: []string{thawteIntermediate},
+               nilRoots:      true, // verifies that we don't crash
+               currentTime:   1302726541,
+               dnsName:       "www.google.com",
+               errorCallback: expectAuthorityUnknown,
+       },
        {
                leaf:          googleLeaf,
                intermediates: []string{thawteIntermediate},
@@ -136,6 +145,9 @@ func TestVerify(t *testing.T) {
                        DNSName:       test.dnsName,
                        CurrentTime:   time.Unix(test.currentTime, 0),
                }
+               if test.nilRoots {
+                       opts.Roots = nil
+               }
 
                for j, root := range test.roots {
                        ok := opts.Roots.AppendCertsFromPEM([]byte(root))
Go GOST TLS 1.3