Bug 1572791 - Check for nulls in SSLExp_DelegateCredential and its te…

…sts r=kjacobs

This particularly catches test errors in tls_subcerts_unittest when the profile
is stale.

Differential Revision: https://phabricator.services.mozilla.com/D41429

--HG--
extra : moz-landing-system : lando

gtests/ssl_gtest/tls_agent.cc

@@ -166,7 +166,9 @@ void TlsAgent::DelegateCredential(const std::string& name,
                                   SECItem* dc) {
   ScopedCERTCertificate cert;
   ScopedSECKEYPrivateKey cert_priv;
-  EXPECT_TRUE(TlsAgent::LoadCertificate(name, &cert, &cert_priv));
+  EXPECT_TRUE(TlsAgent::LoadCertificate(name, &cert, &cert_priv))
+    << "Could not load delegate certificate: " << name << "; test db corrupt?";
+
   EXPECT_EQ(SECSuccess,
             SSL_DelegateCredential(cert.get(), cert_priv.get(), dc_pub.get(),
                                    dc_cert_verify_alg, dc_valid_for, now, dc));

gtests/ssl_gtest/tls_subcerts_unittest.cc

@@ -240,6 +240,7 @@ TEST_P(TlsConnectTls13, DCAbortBadSignature) {
   StackSECItem dc;
   TlsAgent::DelegateCredential(kDelegatorId, pub, kDCScheme, kDCValidFor, now(),
                                &dc);
+  ASSERT_TRUE(dc.data != nullptr);
 
   // Flip the first bit of the DC so that the signature is invalid.
   dc.data[0] ^= 0x01;

lib/ssl/tls13subcerts.c

@@ -665,6 +665,11 @@ SSLExp_DelegateCredential(const CERTCertificate *cert,
     sslDelegatedCredential *dc = NULL;
     sslBuffer dcBuf = SSL_BUFFER_EMPTY;
 
+    if (!cert || !certPriv || !dcPub || !out) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
     dc = PORT_ZNew(sslDelegatedCredential);
     if (!dc) {
         PORT_SetError(SEC_ERROR_NO_MEMORY);