grpc/29359.patch

From 1988ebe6547df3a6b45d46a495ff5845cc9740d2 Mon Sep 17 00:00:00 2001
From: "Benjamin A. Beasley" <code@musicinmybrain.net>
Date: Fri, 8 Apr 2022 15:34:49 -0400
Subject: [PATCH] Do not segfault when peer CN is absent

In HostNameCertificateVerifier::Verify, do not use the
peer_info->common_name if it is a null pointer.
---
 .../security/credentials/tls/grpc_tls_certificate_verifier.cc  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc b/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc
index 9bf92c6c0195..7651f17ffcb8 100644
--- a/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc
+++ b/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc
@@ -142,7 +142,8 @@ bool HostNameCertificateVerifier::Verify(
     const char* common_name = request->peer_info.common_name;
     // We are using the target name sent from the client as a matcher to match
     // against identity name on the peer cert.
-    if (VerifySubjectAlternativeName(common_name, std::string(target_host))) {
+    if (common_name != nullptr &&
+        VerifySubjectAlternativeName(common_name, std::string(target_host))) {
       return true;  // synchronous check
     }
   }
Update to 1.46.1 (close RHBZ#2024386) - No longer depends on wyhash, as the core of the algorithm has been rewritten and included in the primary sources 2022-02-23 22:13:53 +00:00			`From 1988ebe6547df3a6b45d46a495ff5845cc9740d2 Mon Sep 17 00:00:00 2001`
			`From: "Benjamin A. Beasley" <code@musicinmybrain.net>`
			`Date: Fri, 8 Apr 2022 15:34:49 -0400`
			`Subject: [PATCH] Do not segfault when peer CN is absent`

			`In HostNameCertificateVerifier::Verify, do not use the`
			`peer_info->common_name if it is a null pointer.`
			`---`
			`.../security/credentials/tls/grpc_tls_certificate_verifier.cc \| 3 ++-`
			`1 file changed, 2 insertions(+), 1 deletion(-)`

			`diff --git a/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc b/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc`
			`index 9bf92c6c0195..7651f17ffcb8 100644`
			`--- a/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc`
			`+++ b/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc`
			`@@ -142,7 +142,8 @@ bool HostNameCertificateVerifier::Verify(`
			`const char* common_name = request->peer_info.common_name;`
			`// We are using the target name sent from the client as a matcher to match`
			`// against identity name on the peer cert.`
			`- if (VerifySubjectAlternativeName(common_name, std::string(target_host))) {`
			`+ if (common_name != nullptr &&`
			`+ VerifySubjectAlternativeName(common_name, std::string(target_host))) {`
			`return true; // synchronous check`
			`}`
			`}`