Index: net/cert/cert_verify_proc_mac.cc |
diff --git a/net/cert/cert_verify_proc_mac.cc b/net/cert/cert_verify_proc_mac.cc |
index f31e4023b195faf719dd72be9414c052f9dcce6a..c0b84a165f8308952b410335151466de59843fa3 100644 |
--- a/net/cert/cert_verify_proc_mac.cc |
+++ b/net/cert/cert_verify_proc_mac.cc |
@@ -180,7 +180,7 @@ OSStatus CreateTrustPolicies(int flags, ScopedCFTypeRef<CFArrayRef>* policies) { |
// Stores the constructed certificate chain |cert_chain| into |
// |*verify_result|. |cert_chain| must not be empty. |
-void CopyCertChainToVerifyResult(CFArrayRef cert_chain, |
+bool CopyCertChainToVerifyResult(CFArrayRef cert_chain, |
CertVerifyResult* verify_result) { |
DCHECK_LT(0, CFArrayGetCount(cert_chain)); |
@@ -197,11 +197,15 @@ void CopyCertChainToVerifyResult(CFArrayRef cert_chain, |
} |
if (!verified_cert) { |
NOTREACHED(); |
- return; |
+ return false; |
} |
- verify_result->verified_cert = |
+ scoped_refptr<X509Certificate> verified_cert_with_chain = |
X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
+ if (!verified_cert_with_chain) |
+ return false; |
+ verify_result->verified_cert = std::move(verified_cert_with_chain); |
+ return true; |
} |
// Returns true if the certificate uses MD2, MD4, MD5, or SHA1, and false |
@@ -894,7 +898,8 @@ int VerifyWithGivenFlags(X509Certificate* cert, |
verify_result->cert_status |= CERT_STATUS_REVOKED; |
if (CFArrayGetCount(completed_chain) > 0) { |
- CopyCertChainToVerifyResult(completed_chain, verify_result); |
+ if (!CopyCertChainToVerifyResult(completed_chain, verify_result)) |
+ verify_result->cert_status |= CERT_STATUS_INVALID; |
} |
// As of Security Update 2012-002/OS X 10.7.4, when an RSA key < 1024 bits |