commit 3a364d8be909976d09276d1be9efb1d210ba3b14
author nharper <nharper@google.com> Thu May 07 13:31:27 2020 -0700
committer Copybara-Service <copybara-worker@google.com> Thu May 07 13:32:05 2020 -0700
tree 19adb7e7bc3acea8278f9e80eed4d50124451f8e
parent 780461d7e12166e6a268c77251403468ae07f86b

Check for nullptr in TlsServerHandshaker

Add nullptr check, not flag protected

PiperOrigin-RevId: 310426354
Change-Id: I7a6d88377a1a551a66f3f9ce51fea682c30b4b0a

quic/core/tls_server_handshaker.cc

diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 229e568..c8fbda5 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -502,7 +502,7 @@
       proof_source_->GetCertChain(session()->connection()->self_address(),
                                   session()->connection()->peer_address(),
                                   hostname_);
-  if (chain->certs.empty()) {
+  if (!chain || chain->certs.empty()) {
     QUIC_LOG(ERROR) << "No certs provided for host '" << hostname_ << "'";
     return SSL_TLSEXT_ERR_ALERT_FATAL;
   }

quic/core/tls_server_handshaker_test.cc

diff --git a/quic/core/tls_server_handshaker_test.cc b/quic/core/tls_server_handshaker_test.cc
index 89fb325..a71338c 100644
--- a/quic/core/tls_server_handshaker_test.cc
+++ b/quic/core/tls_server_handshaker_test.cc
@@ -17,6 +17,7 @@
 #include "net/third_party/quiche/src/quic/platform/api/quic_logging.h"
 #include "net/third_party/quiche/src/quic/platform/api/quic_test.h"
 #include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h"
+#include "net/third_party/quiche/src/quic/test_tools/failing_proof_source.h"
 #include "net/third_party/quiche/src/quic/test_tools/fake_proof_source.h"
 #include "net/third_party/quiche/src/quic/test_tools/quic_test_utils.h"
 #include "net/third_party/quiche/src/quic/test_tools/simple_session_cache.h"
@@ -75,6 +76,12 @@
         std::move(proof_source), KeyExchangeSource::Default());
   }
 
+  void InitializeServerConfigWithFailingProofSource() {
+    server_crypto_config_ = std::make_unique<QuicCryptoServerConfig>(
+        QuicCryptoServerConfig::TESTING, QuicRandom::GetInstance(),
+        std::make_unique<FailingProofSource>(), KeyExchangeSource::Default());
+  }
+
   // Initializes the crypto server stream state for testing.  May be
   // called multiple times.
   void InitializeServer() {
@@ -443,6 +450,18 @@
   EXPECT_FALSE(client_stream()->IsResumption());
 }
 
+TEST_F(TlsServerHandshakerTest, HandshakeFailsWithFailingProofSource) {
+  InitializeServerConfigWithFailingProofSource();
+  InitializeServer();
+  InitializeFakeClient();
+
+  // Attempt handshake.
+  AdvanceHandshakeWithFakeClient();
+  // Check that the server didn't send any handshake messages, because it failed
+  // to handshake.
+  EXPECT_EQ(moved_messages_counts_.second, 0u);
+}
+
 }  // namespace
 }  // namespace test
 }  // namespace quic