Check for nullptr in TlsServerHandshaker
Add nullptr check, not flag protected
PiperOrigin-RevId: 310426354
Change-Id: I7a6d88377a1a551a66f3f9ce51fea682c30b4b0a
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 229e568..c8fbda5 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -502,7 +502,7 @@
proof_source_->GetCertChain(session()->connection()->self_address(),
session()->connection()->peer_address(),
hostname_);
- if (chain->certs.empty()) {
+ if (!chain || chain->certs.empty()) {
QUIC_LOG(ERROR) << "No certs provided for host '" << hostname_ << "'";
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
diff --git a/quic/core/tls_server_handshaker_test.cc b/quic/core/tls_server_handshaker_test.cc
index 89fb325..a71338c 100644
--- a/quic/core/tls_server_handshaker_test.cc
+++ b/quic/core/tls_server_handshaker_test.cc
@@ -17,6 +17,7 @@
#include "net/third_party/quiche/src/quic/platform/api/quic_logging.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_test.h"
#include "net/third_party/quiche/src/quic/test_tools/crypto_test_utils.h"
+#include "net/third_party/quiche/src/quic/test_tools/failing_proof_source.h"
#include "net/third_party/quiche/src/quic/test_tools/fake_proof_source.h"
#include "net/third_party/quiche/src/quic/test_tools/quic_test_utils.h"
#include "net/third_party/quiche/src/quic/test_tools/simple_session_cache.h"
@@ -75,6 +76,12 @@
std::move(proof_source), KeyExchangeSource::Default());
}
+ void InitializeServerConfigWithFailingProofSource() {
+ server_crypto_config_ = std::make_unique<QuicCryptoServerConfig>(
+ QuicCryptoServerConfig::TESTING, QuicRandom::GetInstance(),
+ std::make_unique<FailingProofSource>(), KeyExchangeSource::Default());
+ }
+
// Initializes the crypto server stream state for testing. May be
// called multiple times.
void InitializeServer() {
@@ -443,6 +450,18 @@
EXPECT_FALSE(client_stream()->IsResumption());
}
+TEST_F(TlsServerHandshakerTest, HandshakeFailsWithFailingProofSource) {
+ InitializeServerConfigWithFailingProofSource();
+ InitializeServer();
+ InitializeFakeClient();
+
+ // Attempt handshake.
+ AdvanceHandshakeWithFakeClient();
+ // Check that the server didn't send any handshake messages, because it failed
+ // to handshake.
+ EXPECT_EQ(moved_messages_counts_.second, 0u);
+}
+
} // namespace
} // namespace test
} // namespace quic