Check X509Certificate::CreateFromHandle result.

net/cert/cert_verify_proc_ios.cc

Index: net/cert/cert_verify_proc_ios.cc
diff --git a/net/cert/cert_verify_proc_ios.cc b/net/cert/cert_verify_proc_ios.cc
index 84ecd2aea84ba31730c706d83dc16c03ed414667..527326e6bb86bc18c57d18da3ae9dfae84038978 100644
--- a/net/cert/cert_verify_proc_ios.cc
+++ b/net/cert/cert_verify_proc_ios.cc
@@ -116,12 +116,16 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
     }
 
     std::string der_bytes;
-    if (!X509Certificate::GetDEREncoded(chain_cert, &der_bytes))
+    if (!X509Certificate::GetDEREncoded(chain_cert, &der_bytes)) {
+      verify_result->cert_status |= CERT_STATUS_INVALID;
       return;
+    }
 
     base::StringPiece spki_bytes;
-    if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes))
-      continue;
+    if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) {
+      verify_result->cert_status |= CERT_STATUS_INVALID;
+      return;
+    }
 
     HashValue sha1(HASH_VALUE_SHA1);
     CC_SHA1(spki_bytes.data(), spki_bytes.size(), sha1.data());
@@ -139,11 +143,16 @@ void GetCertChainInfo(CFArrayRef cert_chain, CertVerifyResult* verify_result) {
   }
   if (!verified_cert) {
     NOTREACHED();
+    verify_result->cert_status |= CERT_STATUS_INVALID;

[eroman, 2017/03/24 22:07:23]

I don't know about this one, as reaching it means the chain was empty. That
said, according to the DCHECK() at the start on cert_chain's length, this
shouldn't be reachable, so meh.

[mattm, 2017/03/27 23:24:37]

Yeah, on this and the mac one, due to the presence of the NOTREACHED, I felt
more confident that it shouldn't really happen and adding the error code just to
be safe.

But yeah, probably doesn't matter either way.

     return;
   }
 
-  verify_result->verified_cert =
+  scoped_refptr<X509Certificate> verified_cert_with_chain =
       X509Certificate::CreateFromHandle(verified_cert, verified_chain);
+  if (verified_cert_with_chain)
+    verify_result->verified_cert = std::move(verified_cert_with_chain);
+  else
+    verify_result->cert_status |= CERT_STATUS_INVALID;
 }
 
 }  // namespace