From f3052c8a819711d9193e4a1e9b23f2c76be58f74 Mon Sep 17 00:00:00 2001
From: Nick Zitzmann
Date: Sat, 22 Jun 2013 15:13:36 -0600
Subject: darwinssl: fix crash that started happening in Lion

Something (a recent security update maybe?) changed in Lion, and now it has changed SSLCopyPeerTrust such that it may return noErr but also give us a null trust, which caught us off guard and caused an eventual crash.
---
 lib/curl_darwinssl.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/curl_darwinssl.c b/lib/curl_darwinssl.c
index d03f3cc45..82a339b0a 100644
--- a/lib/curl_darwinssl.c
+++ b/lib/curl_darwinssl.c
@@ -1363,11 +1363,11 @@ darwinssl_connect_step3(struct connectdata *conn,
 struct ssl_connect_data *connssl = &conn->ssl[sockindex];
 CFStringRef server_cert_summary;
 char server_cert_summary_c[128];
- CFArrayRef server_certs;
+ CFArrayRef server_certs = NULL;
 SecCertificateRef server_cert;
 OSStatus err;
 CFIndex i, count;
- SecTrustRef trust;
+ SecTrustRef trust = NULL;

 /* There is no step 3!
 * Well, okay, if verbose mode is on, let's print the details of the
@@ -1376,7 +1376,9 @@ darwinssl_connect_step3(struct connectdata *conn,
 #if CURL_BUILD_IOS
 #pragma unused(server_certs)
 err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust);
- if(err == noErr) {
+ /* For some reason, SSLCopyPeerTrust() can return noErr and yet return
+ a null trust, so be on guard for that: */
+ if(err == noErr && trust) {
 count = SecTrustGetCertificateCount(trust);
 for(i = 0L ; i < count ; i++) {
 server_cert = SecTrustGetCertificateAtIndex(trust, i);
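Review bot: The two `= NULL` initialisers in the `@@ -1363` hunk carry no explanation, yet the `&& trust` and `&& server_certs` checks added further down are only reliable if these variables start out NULL whenever the callee leaves its out-parameter untouched. I would add a comment above the declarations such as `/* Start as NULL: the copy calls below may report noErr without filling these in. */`. The declarations belong to darwinssl_connect_step3, whose body starts and ends outside this hunk.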
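Review bot: In the `@@ -1376` hunk the `&& trust` guard protects SecTrustGetCertificateCount() and the loop, but the release of `trust` is not among the visible lines, and CFRelease() must not be handed NULL. Please confirm that the release sits inside the guarded block; the same applies to the identical guard in the `@@ -1402` hunk and to `server_certs` in the `@@ -1422` hunk. The comment could also record what the commit message says rather than `For some reason`, for example `/* Since Lion, SSLCopyPeerTrust() may return noErr with a null trust; skip the certificate details in that case. */`.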
@@ -1402,7 +1404,9 @@ darwinssl_connect_step3(struct connectdata *conn,
 if(SecTrustEvaluateAsync != NULL) {
 #pragma unused(server_certs)
 err = SSLCopyPeerTrust(connssl->ssl_ctx, &trust);
- if(err == noErr) {
+ /* For some reason, SSLCopyPeerTrust() can return noErr and yet return
+ a null trust, so be on guard for that: */
+ if(err == noErr && trust) {
 count = SecTrustGetCertificateCount(trust);
 for(i = 0L ; i < count ; i++) {
 server_cert = SecTrustGetCertificateAtIndex(trust, i);
@@ -1422,7 +1426,8 @@ darwinssl_connect_step3(struct connectdata *conn,
 else {
 #if CURL_SUPPORT_MAC_10_8
 err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
- if(err == noErr) {
+ /* Just in case SSLCopyPeerCertificates() returns null too... */
+ if(err == noErr && server_certs) {
 count = CFArrayGetCount(server_certs);
 for(i = 0L ; i < count ; i++) {
 server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs,
-- 
cgit v1.2.3
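Review bot: The comment `Just in case SSLCopyPeerCertificates() returns null too...` in the `@@ -1422` hunk does not say whether a null array was ever observed; the commit message reports the null result only for SSLCopyPeerTrust(). I would word it as a deliberate defensive check, for example `/* Defensive: not observed so far, but a null array must not reach CFArrayGetCount(). */`, so that a later reader does not remove it as dead code. The guarded block continues past the end of the hunk.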