Author: kgiusti
Date: Thu May 23 21:34:08 2013
New Revision: 1485860
URL: http://svn.apache.org/r1485860
Log:
QPID-4883: check for null pointer when parsing certificate CommonName
Modified:
qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
Modified: qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?rev=1485860&r1=1485859&r2=1485860&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp Thu May 23 21:34:08 2013
@@ -336,16 +336,19 @@ std::string SslSocket::getClientAuthId()
std::string authId;
CERTCertificate* cert = SSL_PeerCertificate(nssSocket);
if (cert) {
- authId = CERT_GetCommonName(&(cert->subject));
- /*
- * The NSS function CERT_GetDomainComponentName only returns
- * the last component of the domain name, so we have to parse
- * the subject manually to extract the full domain.
- */
- std::string domain = getDomainFromSubject(cert->subjectName);
- if (!domain.empty()) {
- authId += DOMAIN_SEPARATOR;
- authId += domain;
+ char *cn = CERT_GetCommonName(&(cert->subject));
+ if (cn) {
+ authId = std::string(cn);
+ /*
+ * The NSS function CERT_GetDomainComponentName only returns
+ * the last component of the domain name, so we have to parse
+ * the subject manually to extract the full domain.
+ */
+ std::string domain = getDomainFromSubject(cert->subjectName);
+ if (!domain.empty()) {
+ authId += DOMAIN_SEPARATOR;
+ authId += domain;
+ }
}
CERT_DestroyCertificate(cert);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
