Check cert_handle_ is not NULL to Verify()

net/base/x509_certificate_win.cc

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include "base/logging.h"
 #include "base/pickle.h"
 #include "base/string_tokenizer.h"
 #include "base/string_util.h"
@@ skipping 418 matching lines @@
       *(single_values[i]) = (*(single_value_lists[i]))[0];
   }
 }
 
 }  // namespace
 
 void X509Certificate::Initialize() {
   std::wstring subject_info;
   std::wstring issuer_info;
   DWORD name_size;
+  DCHECK(cert_handle_);
   name_size = CertNameToStr(cert_handle_->dwCertEncodingType,
                             &cert_handle_->pCertInfo->Subject,
                             CERT_X500_NAME_STR | CERT_NAME_STR_CRLF_FLAG,
                             NULL, 0);
   name_size = CertNameToStr(cert_handle_->dwCertEncodingType,
                             &cert_handle_->pCertInfo->Subject,
                             CERT_X500_NAME_STR | CERT_NAME_STR_CRLF_FLAG,
                             WriteInto(&subject_info, name_size), name_size);
   name_size = CertNameToStr(cert_handle_->dwCertEncodingType,
                             &cert_handle_->pCertInfo->Issuer,
@@ skipping 28 matching lines @@
       NULL,  // the cert won't be persisted in any cert store
       reinterpret_cast<const BYTE*>(data), length,
       CERT_STORE_ADD_USE_EXISTING, 0, CERT_STORE_CERTIFICATE_CONTEXT_FLAG,
       NULL, reinterpret_cast<const void **>(&cert_handle)))
     return NULL;
 
   return CreateFromHandle(cert_handle, SOURCE_LONE_CERT_IMPORT);
 }
 
 void X509Certificate::Persist(Pickle* pickle) {
+  DCHECK(cert_handle_);
   DWORD length;
   if (!CertSerializeCertificateStoreElement(cert_handle_, 0,
       NULL, &length)) {
     NOTREACHED();
     return;
   }
   BYTE* data = reinterpret_cast<BYTE*>(pickle->BeginWriteData(length));
   if (!CertSerializeCertificateStoreElement(cert_handle_, 0,
       data, &length)) {
     NOTREACHED();
     length = 0;
   }
   pickle->TrimWriteData(length);
 }
 
 void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const {
   dns_names->clear();
-  scoped_ptr_malloc<CERT_ALT_NAME_INFO> alt_name_info;
-  GetCertSubjectAltName(cert_handle_, &alt_name_info);
-  CERT_ALT_NAME_INFO* alt_name = alt_name_info.get();
-  if (alt_name) {
-    int num_entries = alt_name->cAltEntry;
-    for (int i = 0; i < num_entries; i++) {
-      // dNSName is an ASN.1 IA5String representing a string of ASCII
-      // characters, so we can use WideToASCII here.
-      if (alt_name->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME)
-        dns_names->push_back(WideToASCII(alt_name->rgAltEntry[i].pwszDNSName));
+  if (cert_handle_) {
+    scoped_ptr_malloc<CERT_ALT_NAME_INFO> alt_name_info;
+    GetCertSubjectAltName(cert_handle_, &alt_name_info);
+    CERT_ALT_NAME_INFO* alt_name = alt_name_info.get();
+    if (alt_name) {
+      int num_entries = alt_name->cAltEntry;
+      for (int i = 0; i < num_entries; i++) {
+        // dNSName is an ASN.1 IA5String representing a string of ASCII
+        // characters, so we can use WideToASCII here.
+        if (alt_name->rgAltEntry[i].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME)
+          dns_names->push_back(
+              WideToASCII(alt_name->rgAltEntry[i].pwszDNSName));
+      }
     }
   }
   if (dns_names->empty())
     dns_names->push_back(subject_.common_name);
 }
 
 int X509Certificate::Verify(const std::string& hostname,
                             int flags,
                             CertVerifyResult* verify_result) const {
   verify_result->Reset();
+  if (!cert_handle_)
+    return ERR_UNEXPECTED;
 
   // Build and validate certificate chain.
 
   CERT_CHAIN_PARA chain_para;
   memset(&chain_para, 0, sizeof(chain_para));
   chain_para.cbSize = sizeof(chain_para);
   // TODO(wtc): consider requesting the usage szOID_PKIX_KP_SERVER_AUTH
   // or szOID_SERVER_GATED_CRYPTO or szOID_SGC_NETSCAPE
   chain_para.RequestedUsage.dwType = USAGE_MATCH_TYPE_AND;
   chain_para.RequestedUsage.Usage.cUsageIdentifier = 0;
@@ skipping 130 matching lines @@
   return OK;
 }
 
 // Returns true if the certificate is an extended-validation certificate.
 //
 // This function checks the certificatePolicies extensions of the
 // certificates in the certificate chain according to Section 7 (pp. 11-12)
 // of the EV Certificate Guidelines Version 1.0 at
 // http://cabforum.org/EV_Certificate_Guidelines.pdf.
 bool X509Certificate::VerifyEV() const {
+  DCHECK(cert_handle_);
   net::EVRootCAMetadata* metadata = net::EVRootCAMetadata::GetInstance();
 
   PCCERT_CHAIN_CONTEXT chain_context = ConstructCertChain(cert_handle_,
       metadata->GetPolicyOIDs(), metadata->NumPolicyOIDs());
   if (!chain_context)
     return false;
   ScopedCertChainContext scoped_chain_context(chain_context);
 
   DCHECK(chain_context->cChain != 0);
   // If the cert doesn't match any of the policies, the
@@ skipping 61 matching lines @@
   DWORD sha1_size = sizeof(sha1.data);
   rv = CryptHashCertificate(NULL, CALG_SHA1, 0, cert->pbCertEncoded,
                             cert->cbCertEncoded, sha1.data, &sha1_size);
   DCHECK(rv && sha1_size == sizeof(sha1.data));
   if (!rv)
     memset(sha1.data, 0, sizeof(sha1.data));
   return sha1;
 }
 
 }  // namespace net