diff options
author | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2016-04-29 21:57:47 +0200 |
---|---|---|
committer | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2016-04-29 21:57:47 +0200 |
commit | cc2742adb4161ff24b5c5199352e726599d59c24 (patch) | |
tree | e7084b032d9af6c0df535f5514c9deeb04705d44 | |
parent | 92da0330089143c60f0178d6973560980c51a01c (diff) | |
download | nss-hg-cc2742adb4161ff24b5c5199352e726599d59c24.tar.gz |
Bug 1257885 - Fix some unchecked return values, r=ttaubert
-rw-r--r-- | cmd/bltest/blapitest.c | 21 | ||||
-rw-r--r-- | cmd/crlutil/crlutil.c | 8 | ||||
-rw-r--r-- | lib/pkcs12/p12dec.c | 14 | ||||
-rw-r--r-- | lib/smime/cmsrecinfo.c | 4 | ||||
-rw-r--r-- | lib/smime/cmssiginfo.c | 8 |
5 files changed, 41 insertions, 14 deletions
diff --git a/cmd/bltest/blapitest.c b/cmd/bltest/blapitest.c index e1acc7024..50c7d9693 100644 --- a/cmd/bltest/blapitest.c +++ b/cmd/bltest/blapitest.c @@ -982,6 +982,9 @@ setupIO(PLArenaPool *arena, bltestIO *input, PRFileDesc *file, if (in->data[in->len - 1] == '\r') --in->len; SECITEM_CopyItem(arena, &input->buf, in); + if (rv != SECSuccess) { + return SECFailure; + } break; case bltestHexSpaceDelim: SECITEM_AllocItem(arena, &input->buf, in->len / 5); @@ -1061,16 +1064,20 @@ finishIO(bltestIO *output, PRFileDesc *file) return rv; } -void +SECStatus bltestCopyIO(PLArenaPool *arena, bltestIO *dest, bltestIO *src) { - SECITEM_CopyItem(arena, &dest->buf, &src->buf); + if (SECITEM_CopyItem(arena, &dest->buf, &src->buf) != SECSuccess) { + return SECFailure; + } if (src->pBuf.len > 0) { dest->pBuf.len = src->pBuf.len; dest->pBuf.data = dest->buf.data + (src->pBuf.data - src->buf.data); } dest->mode = src->mode; dest->file = src->file; + + return SECSuccess; } void @@ -3238,7 +3245,7 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, ** then perform operation and compare to ciphertext */ if (encrypt) { - bltestCopyIO(arena, &cipherInfo.input, &pt); + rv |= bltestCopyIO(arena, &cipherInfo.input, &pt); misalignBuffer(arena, &cipherInfo.input, inoff); memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf); rv |= cipherInit(&cipherInfo, PR_TRUE); @@ -3260,7 +3267,7 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, ** verify-only operations, this ensures that the output ** buffer is properly configured */ - bltestCopyIO(arena, ¶ms->asymk.sig, &cipherInfo.output); + rv |= bltestCopyIO(arena, ¶ms->asymk.sig, &cipherInfo.output); } } if (!decrypt) @@ -3270,10 +3277,10 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, ** then perform operation and compare to plaintext */ if (is_sigCipher(mode)) { - bltestCopyIO(arena, &cipherInfo.input, &pt); - bltestCopyIO(arena, &cipherInfo.output, ¶ms->asymk.sig); + rv |= bltestCopyIO(arena, &cipherInfo.input, &pt); + rv |= bltestCopyIO(arena, &cipherInfo.output, ¶ms->asymk.sig); } else { - bltestCopyIO(arena, &cipherInfo.input, &ct); + rv |= bltestCopyIO(arena, &cipherInfo.input, &ct); memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf); } misalignBuffer(arena, &cipherInfo.input, inoff); diff --git a/cmd/crlutil/crlutil.c b/cmd/crlutil/crlutil.c index 9fca6b40b..ebfe8e6bf 100644 --- a/cmd/crlutil/crlutil.c +++ b/cmd/crlutil/crlutil.c @@ -39,6 +39,7 @@ FindCRL(CERTCertDBHandle *certHandle, char *name, int type) if (!cert) { CERTName *certName = NULL; PLArenaPool *arena = NULL; + SECStatus rv = SECSuccess; certName = CERT_AsciiToName(name); if (certName) { @@ -48,13 +49,18 @@ FindCRL(CERTCertDBHandle *certHandle, char *name, int type) SEC_ASN1EncodeItem(arena, NULL, (void *)certName, SEC_ASN1_GET(CERT_NameTemplate)); if (nameItem) { - SECITEM_CopyItem(NULL, &derName, nameItem); + rv = SECITEM_CopyItem(NULL, &derName, nameItem); } PORT_FreeArena(arena, PR_FALSE); } CERT_DestroyName(certName); } + if (rv != SECSuccess) { + SECU_PrintError(progName, "SECITEM_CopyItem failed, out of memory"); + return ((CERTSignedCrl *)NULL); + } + if (!derName.len || !derName.data) { SECU_PrintError(progName, "could not find certificate named '%s'", name); return ((CERTSignedCrl *)NULL); diff --git a/lib/pkcs12/p12dec.c b/lib/pkcs12/p12dec.c index 61651b080..55aeea12e 100644 --- a/lib/pkcs12/p12dec.c +++ b/lib/pkcs12/p12dec.c @@ -62,8 +62,18 @@ sec_pkcs12_decode_pfx(SECItem *der_pfx) return NULL; } pfx->old = PR_TRUE; - SGN_CopyDigestInfo(pfx->poolp, &pfx->macData.safeMac, &pfx->old_safeMac); - SECITEM_CopyItem(pfx->poolp, &pfx->macData.macSalt, &pfx->old_macSalt); + rv = SGN_CopyDigestInfo(pfx->poolp, &pfx->macData.safeMac, &pfx->old_safeMac); + if(rv != SECSuccess) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + PORT_FreeArena(pfx->poolp, PR_TRUE); + return NULL; + } + rv = SECITEM_CopyItem(pfx->poolp, &pfx->macData.macSalt, &pfx->old_macSalt); + if(rv != SECSuccess) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + PORT_FreeArena(pfx->poolp, PR_TRUE); + return NULL; + } } else { pfx->old = PR_FALSE; } diff --git a/lib/smime/cmsrecinfo.c b/lib/smime/cmsrecinfo.c index 77a1541ec..3c827a8e6 100644 --- a/lib/smime/cmsrecinfo.c +++ b/lib/smime/cmsrecinfo.c @@ -138,8 +138,8 @@ nss_cmsrecipientinfo_create(NSSCMSMessage *cmsg, PORT_SetError(SEC_ERROR_NO_MEMORY); break; } - SECITEM_CopyItem(poolp, rid->id.subjectKeyID, subjKeyID); - if (rid->id.subjectKeyID->data == NULL) { + rv = SECITEM_CopyItem(poolp, rid->id.subjectKeyID, subjKeyID); + if (rv != SECSuccess || rid->id.subjectKeyID->data == NULL) { rv = SECFailure; PORT_SetError(SEC_ERROR_NO_MEMORY); break; diff --git a/lib/smime/cmssiginfo.c b/lib/smime/cmssiginfo.c index f3635c2da..b39494199 100644 --- a/lib/smime/cmssiginfo.c +++ b/lib/smime/cmssiginfo.c @@ -51,6 +51,7 @@ nss_cmssignerinfo_create(NSSCMSMessage *cmsg, NSSCMSSignerIDSelector type, NSSCMSSignerInfo *signerinfo; int version; PLArenaPool *poolp; + SECStatus rv; poolp = cmsg->poolp; @@ -80,8 +81,11 @@ nss_cmssignerinfo_create(NSSCMSMessage *cmsg, NSSCMSSignerIDSelector type, goto loser; signerinfo->signerIdentifier.id.subjectKeyID = PORT_ArenaNew(poolp, SECItem); - SECITEM_CopyItem(poolp, signerinfo->signerIdentifier.id.subjectKeyID, - subjKeyID); + rv = SECITEM_CopyItem(poolp, signerinfo->signerIdentifier.id.subjectKeyID, + subjKeyID); + if (rv != SECSuccess) { + goto loser; + } signerinfo->signingKey = SECKEY_CopyPrivateKey(signingKey); if (!signerinfo->signingKey) goto loser; |