From: ejanchivdorj <ejanchivdorj@tableau.com>
Date: Tue, 25 May 2021 06:38:17 +0000 (-0700)
Subject: sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer
X-Git-Tag: curl-7_77_0~7
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a63dae5d078b24dc441e421a37fa7daf09fc4768;p=thirdparty%2Fcurl.git

sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer

When the SecCertificateCopyCommonName function fails, it leaves
common_name in a invalid state so CFStringCompare uses the invalid
result, causing EXC_BAD_ACCESS.

The fix is to check the return value of the function before using the
name.

Closes #7126
---

diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index 4122384ddc..edd375ea7d 100644
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -1158,12 +1158,14 @@ static OSStatus CopyIdentityWithLabel(char *label,
           (SecIdentityRef) CFArrayGetValueAtIndex(keys_list, i);
         err = SecIdentityCopyCertificate(identity, &cert);
         if(err == noErr) {
+          OSStatus copy_status = noErr;
 #if CURL_BUILD_IOS
           common_name = SecCertificateCopySubjectSummary(cert);
 #elif CURL_BUILD_MAC_10_7
-          SecCertificateCopyCommonName(cert, &common_name);
+          copy_status = SecCertificateCopyCommonName(cert, &common_name);
 #endif
-          if(CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) {
+          if(copy_status == noErr &&
+            CFStringCompare(common_name, label_cf, 0) == kCFCompareEqualTo) {
             CFRelease(cert);
             CFRelease(common_name);
             CFRetain(identity);