[qtmozembed] Guard against null certificate data. Contributes to JB#4…

…9873 The nsIX509Cert::GetRawDER() call can fail and return a null data pointer under certain circumstances. This wasn't being guarded against and so had the potential to crash the browser when opening an HTTPS page. This change performs checks before attempting to use the returned value.
sailfishos · May 8, 2020 · b1f252b · b1f252b
1 parent 5517f46
commit b1f252b
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/qmozsecurity.cpp b/src/qmozsecurity.cpp
@@ -288,10 +288,13 @@ void QMozSecurity::importState(const char *aStatus, unsigned int aState)
             emissions << &QMozSecurity::protocolVersionChanged;
         }
 
+        QSslCertificate serverCertificate;
         uint32_t length;
         char *data;
-        aServerCert->GetRawDER(&length, (uint8_t **)&data);
-        QSslCertificate serverCertificate = QSslCertificate(QByteArray(data, length), QSsl::EncodingFormat::Der);
+        nsresult rv = aServerCert->GetRawDER(&length, (uint8_t **)&data);
+        if (rv == NS_OK && data) {
+            serverCertificate = QSslCertificate(QByteArray(data, length), QSsl::EncodingFormat::Der);
+        }
         if (m_serverCertificate != serverCertificate) {
             m_serverCertificate = serverCertificate;
             emissions << &QMozSecurity::serverCertificateChanged;