From b64722fd52113a0534527c7e0867d60f32783ba3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Mart=C3=ADn=20Nieto?= Date: Fri, 5 Aug 2016 18:40:37 +0200 Subject: [PATCH] SecureTransport: handle NULL trust on success The `SSLCopyPeerTrust` call can succeed but fail to return a trust object if it can't load the certificate chain and thus cannot check the validity of a certificate. This can lead to us calling `CFRelease` on a `NULL` trust object, causing a crash. Handle this by returning ECERTIFICATE. --- src/stransport_stream.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/stransport_stream.c b/src/stransport_stream.c index 832f66b45..2a13fb55b 100644 --- a/src/stransport_stream.c +++ b/src/stransport_stream.c @@ -67,6 +67,9 @@ int stransport_connect(git_stream *stream) if ((ret = SSLCopyPeerTrust(st->ctx, &trust)) != noErr) goto on_error; + if (!trust) + return GIT_ECERTIFICATE; + if ((ret = SecTrustEvaluate(trust, &sec_res)) != noErr) goto on_error;