From 1988ebe6547df3a6b45d46a495ff5845cc9740d2 Mon Sep 17 00:00:00 2001
From: "Benjamin A. Beasley" <code@musicinmybrain.net>
Date: Fri, 8 Apr 2022 15:34:49 -0400
Subject: [PATCH] Do not segfault when peer CN is absent

In HostNameCertificateVerifier::Verify, do not use the
peer_info->common_name if it is a null pointer.
---
 .../security/credentials/tls/grpc_tls_certificate_verifier.cc  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc b/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc
index 9bf92c6c0195..7651f17ffcb8 100644
--- a/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc
+++ b/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc
@@ -142,7 +142,8 @@ bool HostNameCertificateVerifier::Verify(
     const char* common_name = request->peer_info.common_name;
     // We are using the target name sent from the client as a matcher to match
     // against identity name on the peer cert.
-    if (VerifySubjectAlternativeName(common_name, std::string(target_host))) {
+    if (common_name != nullptr &&
+        VerifySubjectAlternativeName(common_name, std::string(target_host))) {
       return true;  // synchronous check
     }
   }