From: Seonah Moon
Date: Thu, 18 Mar 2021 09:21:45 +0000 (+0900)
Subject: Return bad identity error if identity is unset
X-Git-Tag: accepted/tizen/unified/20210322.150805^0
X-Git-Url: http://review.tizen.org/git/?p=platform%2Fupstream%2Fglib-networking.git;a=commitdiff_plain;h=853fe77716217095264315ad4023a9753e8f4677
Return bad identity error if identity is unset
CVE-2020-13645 backported: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135
Change-Id: I7002bd96a7077e013587d1e6f0722a1ab54ee4b5
---
diff --git a/tls/openssl/gtlsconnection-openssl.c b/tls/openssl/gtlsconnection-openssl.c
index 8252516..eb202be 100644
--- a/tls/openssl/gtlsconnection-openssl.c
+++ b/tls/openssl/gtlsconnection-openssl.c
@@ -313,18 +313,17 @@ verify_peer_certificate (GTlsConnectionOpenssl *openssl,
 GTlsCertificate *peer_certificate)
 {
 GTlsConnection *conn = G_TLS_CONNECTION (openssl);
- GSocketConnectable *peer_identity;
+ GSocketConnectable *peer_identity = NULL;
 GTlsDatabase *database;
- GTlsCertificateFlags errors;
+ GTlsCertificateFlags errors = 0;
 gboolean is_client;
 is_client = G_IS_TLS_CLIENT_CONNECTION (openssl);
 if (is_client)
 peer_identity = g_tls_client_connection_get_server_identity (G_TLS_CLIENT_CONNECTION (openssl));
- else
- peer_identity = NULL;
- errors = 0;
+ if (!peer_identity)
+ errors |= G_TLS_CERTIFICATE_BAD_IDENTITY;
 database = g_tls_connection_get_database (conn);
 if (database == NULL)
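Review bot: The added `if (!peer_identity)` check is also true on every server-side connection, because `peer_identity` is initialised to NULL and only assigned inside `if (is_client)`, so a server verifying a client certificate now always gets `G_TLS_CERTIFICATE_BAD_IDENTITY` in `errors`. The issue being backported concerns a client that has no expected server identity set, so the guard should be limited to that case: `if (is_client && !peer_identity)`. How the returned flags are acted on lies outside the hunk, but as written this probably makes client-certificate authentication fail on servers that previously validated cleanly. A one-line comment above the check, for example `/* A client with no expected server identity cannot check the hostname: fail closed. */`, would record why the flag is forced. The body of verify_peer_certificate continues past the end of the hunk.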