Commit 69cdc959 authored by Nick Zitzmann's avatar Nick Zitzmann
Browse files

darwinssl: fix potential crash when attempting to copy an identity 

from a P12 file

This could've happened if SecPKCS12Import() returned noErr _and_ no
identity.
parent 4167498f

lib/vtls/curl_darwinssl.c

+4 −2
Original line number Diff line number Diff line
@@ -952,7 +952,7 @@ static OSStatus CopyIdentityFromPKCS12File(const char *cPath, 


    /* Here we go: */

    status = SecPKCS12Import(pkcs_data, options, &items);

    if(status == noErr) {

    if(status == noErr && items && CFArrayGetCount(items)) {

      CFDictionaryRef identity_and_trust = CFArrayGetValueAtIndex(items, 0L);

      const void *temp_identity = CFDictionaryGetValue(identity_and_trust,

        kSecImportItemIdentity);
@@ -960,8 +960,10 @@ static OSStatus CopyIdentityFromPKCS12File(const char *cPath, 
      /* Retain the identity; we don't care about any other data... */

      CFRetain(temp_identity);

      *out_cert_and_key = (SecIdentityRef)temp_identity;

      CFRelease(items);

    }



    if(items)

      CFRelease(items);

    CFRelease(options);

    CFRelease(pkcs_data);

  }