)]}'
{
  "commit": "ca3f243cf0cf1dd50b79f3385154ffb6c7261073",
  "tree": "dc290e78d478f2752d15f4e613ea87e0f5fa5f71",
  "parents": [
    "6d70353ca8bc55b54f19af00fb7d9b074208ff1c"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Mon Aug 31 14:47:49 2020 -0400"
  },
  "committer": {
    "name": "CQ bot account: commit-bot@chromium.org",
    "email": "commit-bot@chromium.org",
    "time": "Thu Sep 17 19:18:17 2020 +0000"
  },
  "message": "Require non-NULL store in X509_STORE_CTX_init.\n\nX509_STORE_CTX_init is documented upstream to allow a NULL store and has\nlogic to account for it. However, attempting to use such an\nX509_STORE_CTX crashes in X509_verify_cert due to the\nadditional_untrusted logic we added.\n\nMoreover, before that change, it still crashes because\nX509_STORE_CTX_get1_issuer (the default get_issuer hook) assumes\nctx-\u003ectx (the store) is non-null. This was also true in upstream but\nlater fixed in https://github.com/openssl/openssl/pull/6001. However,\nwithout a store, there is no trust anchor, so this is not very useful.\nReject NULL stores in X509_STORE_CTX_init and remove the logic allowing\nfor a NULL one.\n\nThanks to Danny Halawi for catching this.\n\nUpdate-Note: X509_STORE_CTX_init will now fail when the store is NULL,\nrather than report success, only to crash later in X509_verify_cert.\nBreakage should thus be limited to code which was passing in a NULL\nstore but never used the resulting X509_STORE_CTX.\n\nChange-Id: I9db0289612cc245a8d62d6fa647d6b56b2daabda\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42728\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "d71dee92ff244d1b929178bc3a5e27b732e9ac3b",
      "old_mode": 33188,
      "old_path": "crypto/x509/x509_test.cc",
      "new_id": "426e18183e5b38a23dfdf622603e94bb374f5465",
      "new_mode": 33188,
      "new_path": "crypto/x509/x509_test.cc"
    },
    {
      "type": "modify",
      "old_id": "9839b95e3b64990be653e01622d9c1a2176022c2",
      "old_mode": 33188,
      "old_path": "crypto/x509/x509_vfy.c",
      "new_id": "a997202e8a6993ea48520d57e82ef6ffad97b84d",
      "new_mode": 33188,
      "new_path": "crypto/x509/x509_vfy.c"
    }
  ]
}