From e52494c49bfe0573036c846f5aa91de9a81b855e Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Tue, 21 Jun 2022 12:10:06 +0100
Subject: [PATCH] gtlscertificate: Hold a ref on the root certificate when
 building chains
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is unlikely to be a bug in practice, as the certificate pointed to
by `root` should have a ref held on it as the issuer of another
certificate in the chain.

However, we can’t guarantee that’s how the `GTlsCertificate`
implementation behaves, so keep a temporary ref on `root` until it’s no
longer needed.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Coverity CID: #1489985

(cherry-picked from commit 2c75c392eb76a12c3fd18b63508b1f971a3afecd)
---
 gio/gtlscertificate.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gio/gtlscertificate.c b/gio/gtlscertificate.c
index d0a326b27..975117042 100644
--- a/gio/gtlscertificate.c
+++ b/gio/gtlscertificate.c
@@ -624,7 +624,7 @@ create_certificate_chain_from_list (GSList       *pem_list,
 
       /* root will point to the last certificate in the file. */
       if (!root)
-        root = cert;
+        root = g_object_ref (cert);
 
       pem = g_slist_next (pem);
     }
@@ -639,6 +639,8 @@ create_certificate_chain_from_list (GSList       *pem_list,
       g_clear_object (&cert);
     }
 
+  g_clear_object (&root);
+
   return cert;
 }