Check X509Certificate::CreateFromHandle result.

net/cert/cert_verify_proc_mac.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc_mac.h"
 
 #include <CommonCrypto/CommonDigest.h>
 #include <CoreServices/CoreServices.h>
 #include <Security/Security.h>
 
@@ skipping 162 matching lines @@
       (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED), local_policies);
   if (status)
     return status;
 
   policies->reset(local_policies.release());
   return noErr;
 }
 
 // Stores the constructed certificate chain |cert_chain| into
 // |*verify_result|. |cert_chain| must not be empty.
-void CopyCertChainToVerifyResult(CFArrayRef cert_chain,
+bool CopyCertChainToVerifyResult(CFArrayRef cert_chain,
                                  CertVerifyResult* verify_result) {
   DCHECK_LT(0, CFArrayGetCount(cert_chain));
 
   SecCertificateRef verified_cert = NULL;
   std::vector<SecCertificateRef> verified_chain;
   for (CFIndex i = 0, count = CFArrayGetCount(cert_chain); i < count; ++i) {
     SecCertificateRef chain_cert = reinterpret_cast<SecCertificateRef>(
         const_cast<void*>(CFArrayGetValueAtIndex(cert_chain, i)));
     if (i == 0) {
       verified_cert = chain_cert;
     } else {
       verified_chain.push_back(chain_cert);
     }
   }
   if (!verified_cert) {
     NOTREACHED();
-    return;
+    return false;
   }
 
   verify_result->verified_cert =
       X509Certificate::CreateFromHandle(verified_cert, verified_chain);
+  return !!verify_result->verified_cert;
 }
 
 // Returns true if the certificate uses MD2, MD4, MD5, or SHA1, and false
 // otherwise. A return of false also includes the case where the signature
 // algorithm couldn't be conclusively labeled as weak.
 bool CertUsesWeakHash(X509Certificate::OSCertHandle cert_handle) {
   x509_util::CSSMCachedCertificate cached_cert;
   OSStatus status = cached_cert.Init(cert_handle);
   if (status)
     return false;
@@ skipping 672 matching lines @@
       break;
   }
 
   if (flags & CertVerifier::VERIFY_REV_CHECKING_ENABLED)
     verify_result->cert_status |= CERT_STATUS_REV_CHECKING_ENABLED;
 
   if (*completed_chain_crl_result == kCRLSetRevoked)
     verify_result->cert_status |= CERT_STATUS_REVOKED;
 
   if (CFArrayGetCount(completed_chain) > 0) {
-    CopyCertChainToVerifyResult(completed_chain, verify_result);
+    if (!CopyCertChainToVerifyResult(completed_chain, verify_result))
+      return ERR_CERT_INVALID;

[eroman, 2017/03/22 22:17:52]

same question about cert_status throughout.

[mattm, 2017/03/23 22:59:02]

Acknowledged.

   }
 
   // As of Security Update 2012-002/OS X 10.7.4, when an RSA key < 1024 bits
   // is encountered, CSSM returns CSSMERR_TP_VERIFY_ACTION_FAILED and adds
   // CSSMERR_CSP_UNSUPPORTED_KEY_SIZE as a certificate status. Avoid mapping
   // the CSSMERR_TP_VERIFY_ACTION_FAILED to CERT_STATUS_INVALID if the only
   // error was due to an unsupported key size.
   bool policy_failed = false;
   bool policy_fail_already_mapped = false;
   bool weak_key_or_signature_algorithm = false;
@@ skipping 188 matching lines @@
     // EV cert and it was covered by CRLSets or revocation checking passed.
     verify_result->cert_status |= CERT_STATUS_IS_EV;
   }
 
   return OK;
 }
 
 }  // namespace net
 
 #pragma clang diagnostic pop  // "-Wdeprecated-declarations"