grpc/29359.patch

26 lines
1.3 KiB
Diff
Raw Normal View History

From 1988ebe6547df3a6b45d46a495ff5845cc9740d2 Mon Sep 17 00:00:00 2001
From: "Benjamin A. Beasley" <code@musicinmybrain.net>
Date: Fri, 8 Apr 2022 15:34:49 -0400
Subject: [PATCH] Do not segfault when peer CN is absent
In HostNameCertificateVerifier::Verify, do not use the
peer_info->common_name if it is a null pointer.
---
.../security/credentials/tls/grpc_tls_certificate_verifier.cc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc b/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc
index 9bf92c6c0195..7651f17ffcb8 100644
--- a/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc
+++ b/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc
@@ -142,7 +142,8 @@ bool HostNameCertificateVerifier::Verify(
const char* common_name = request->peer_info.common_name;
// We are using the target name sent from the client as a matcher to match
// against identity name on the peer cert.
- if (VerifySubjectAlternativeName(common_name, std::string(target_host))) {
+ if (common_name != nullptr &&
+ VerifySubjectAlternativeName(common_name, std::string(target_host))) {
return true; // synchronous check
}
}