crypto/x509: don't crash with nil receiver in accessor method

Fixes #2600 R=golang-dev, agl, rsc CC=golang-dev https://golang.org/cl/5500064
2024-11-21 16:24:40 -07:00 · 2011-12-21 10:49:35 -08:00 · 2011-12-21 10:49:35 -08:00 · 71f0fb7760
commit 71f0fb7760
parent 97853b46a0
2 changed files with 15 additions and 0 deletions
--- a/src/pkg/crypto/x509/cert_pool.go
+++ b/src/pkg/crypto/x509/cert_pool.go
@ -28,6 +28,9 @@ func NewCertPool() *CertPool {
 // given certificate. If no such certificate can be found or the signature
 // doesn't match, it returns nil.
 func (s *CertPool) findVerifiedParents(cert *Certificate) (parents []int) {
+	if s == nil {
+		return
+	}
 	var candidates []int

 	if len(cert.AuthorityKeyId) > 0 {
--- a/src/pkg/crypto/x509/verify_test.go
+++ b/src/pkg/crypto/x509/verify_test.go
@ -19,6 +19,7 @@ type verifyTest struct {
 	roots         []string
 	currentTime   int64
 	dnsName       string
+	nilRoots      bool

 	errorCallback  func(*testing.T, int, error) bool
 	expectedChains [][]string
@ -45,6 +46,14 @@ var verifyTests = []verifyTest{

 		errorCallback: expectHostnameError,
 	},
+	{
+		leaf:          googleLeaf,
+		intermediates: []string{thawteIntermediate},
+		nilRoots:      true, // verifies that we don't crash
+		currentTime:   1302726541,
+		dnsName:       "www.google.com",
+		errorCallback: expectAuthorityUnknown,
+	},
 	{
 		leaf:          googleLeaf,
 		intermediates: []string{thawteIntermediate},
@ -136,6 +145,9 @@ func TestVerify(t *testing.T) {
 			DNSName:       test.dnsName,
 			CurrentTime:   time.Unix(test.currentTime, 0),
 		}
+		if test.nilRoots {
+			opts.Roots = nil
+		}

 		for j, root := range test.roots {
 			ok := opts.Roots.AppendCertsFromPEM([]byte(root))