From 1988ebe6547df3a6b45d46a495ff5845cc9740d2 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Beasley" Date: Fri, 8 Apr 2022 15:34:49 -0400 Subject: [PATCH] Do not segfault when peer CN is absent In HostNameCertificateVerifier::Verify, do not use the peer_info->common_name if it is a null pointer. --- .../security/credentials/tls/grpc_tls_certificate_verifier.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc b/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc index 9bf92c6c0195..7651f17ffcb8 100644 --- a/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +++ b/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc @@ -142,7 +142,8 @@ bool HostNameCertificateVerifier::Verify( const char* common_name = request->peer_info.common_name; // We are using the target name sent from the client as a matcher to match // against identity name on the peer cert. - if (VerifySubjectAlternativeName(common_name, std::string(target_host))) { + if (common_name != nullptr && + VerifySubjectAlternativeName(common_name, std::string(target_host))) { return true; // synchronous check } }