authorjpierre%netscape.com <devnull@localhost>2003-12-02 05:46:27 +0000
committerjpierre%netscape.com <devnull@localhost>2003-12-02 05:46:27 +0000
commitc4953cdedb1b678ee1cf8b1c300165cefe85f1b0 (patch)
tree47cbfb254d72ab3dcdd93e9fa8c21967e231bb3b
parent07c8a7c1f1515db8ad3429c9e0b372c5bbb5a940 (diff)
downloadnss-hg-c4953cdedb1b678ee1cf8b1c300165cefe85f1b0.tar.gz
Prevent SMIME crash in the opaque signature test. bugscape 54061. r=nelsonb
-rw-r--r--security/nss/lib/smime/cmssigdata.c161
1 files changed, 152 insertions, 9 deletions
diff --git a/security/nss/lib/smime/cmssigdata.c b/security/nss/lib/smime/cmssigdata.c
index ebdf722cb..b9ae45ea6 100644
--- a/security/nss/lib/smime/cmssigdata.c
+++ b/security/nss/lib/smime/cmssigdata.c
@@ -54,6 +54,12 @@ NSS_CMSSignedData_Create(NSSCMSMessage *cmsg)
NSSCMSSignedData *sigd;
PLArenaPool *poolp;
+ PORT_Assert(cmsg);
+ if (!cmsg) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return NULL;
+ }
+
poolp = cmsg->poolp;
mark = PORT_ArenaMark(poolp);
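Review bot: `PORT_Assert(cmsg);` placed ahead of `if (!cmsg)` means that, assuming PORT_Assert aborts in debug builds as NSPR assertions normally do, a debug build still dies on the NULL input this commit is meant to survive. Only optimized builds reach the `return NULL;` path. If a NULL `cmsg` or `sigd` can result from processing a message, which the commit title hints at but the hunk does not show, the assertion should be dropped and the runtime check kept on its own. If NULL is strictly a caller bug, a comment such as `/* NULL is a caller error; release builds fail soft instead of crashing */` above the check would record that intent. The same assert-then-check pairing is repeated in every other hunk of this file, and this function's body continues outside the hunk.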
@@ -132,6 +138,12 @@ NSS_CMSSignedData_Encode_BeforeStart(NSSCMSSignedData *sigd)
int n, i;
PLArenaPool *poolp;
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
poolp = sigd->cmsg->poolp;
/* we assume that we have precomputed digests if there is a list of algorithms, and */
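Review bot: The new guard stops at `sigd`, but the next statement, `poolp = sigd->cmsg->poolp;`, still dereferences `sigd->cmsg` without a check. Whether a partially built or partially decoded signed-data object can carry a NULL `cmsg` is not visible from this hunk; if it can, the guard should read `if (!sigd || !sigd->cmsg) {`. The same `sigd->cmsg->poolp` access follows the new check in the Encode_AfterData, Decode_AfterData, AddCertList, AddCertificate, AddSignerInfo and SetDigestValue hunks. The function body continues outside the hunk.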
@@ -198,6 +210,11 @@ loser:
SECStatus
NSS_CMSSignedData_Encode_BeforeData(NSSCMSSignedData *sigd)
{
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
/* set up the digests */
if (sigd->digestAlgorithms != NULL) {
sigd->contentInfo.digcx = NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms);
@@ -232,6 +249,12 @@ NSS_CMSSignedData_Encode_AfterData(NSSCMSSignedData *sigd)
CERTCertificateList *certlist;
extern const SEC_ASN1Template NSSCMSSignerInfoTemplate[];
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
poolp = sigd->cmsg->poolp;
cinfo = &(sigd->contentInfo);
@@ -359,6 +382,11 @@ loser:
SECStatus
NSS_CMSSignedData_Decode_BeforeData(NSSCMSSignedData *sigd)
{
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
/* set up the digests */
if (sigd->digestAlgorithms != NULL && sigd->digests == NULL) {
/* if digests are already there, do nothing */
@@ -376,6 +404,11 @@ NSS_CMSSignedData_Decode_BeforeData(NSSCMSSignedData *sigd)
SECStatus
NSS_CMSSignedData_Decode_AfterData(NSSCMSSignedData *sigd)
{
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
/* did we have digest calculation going on? */
if (sigd->contentInfo.digcx) {
if (NSS_CMSDigestContext_FinishMultiple(sigd->contentInfo.digcx, sigd->cmsg->poolp, &(sigd->digests)) != SECSuccess)
@@ -392,9 +425,15 @@ NSS_CMSSignedData_Decode_AfterData(NSSCMSSignedData *sigd)
SECStatus
NSS_CMSSignedData_Decode_AfterEnd(NSSCMSSignedData *sigd)
{
- NSSCMSSignerInfo **signerinfos;
+ NSSCMSSignerInfo **signerinfos = NULL;
int i;
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
/* set cmsg for all the signerinfos */
signerinfos = sigd->signerInfos;
@@ -413,18 +452,33 @@ NSS_CMSSignedData_Decode_AfterEnd(NSSCMSSignedData *sigd)
NSSCMSSignerInfo **
NSS_CMSSignedData_GetSignerInfos(NSSCMSSignedData *sigd)
{
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return NULL;
+ }
return sigd->signerInfos;
}
int
NSS_CMSSignedData_SignerInfoCount(NSSCMSSignedData *sigd)
{
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return 0;
+ }
return NSS_CMSArray_Count((void **)sigd->signerInfos);
}
NSSCMSSignerInfo *
NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i)
{
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return NULL;
+ }
return sigd->signerInfos[i];
}
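Review bot: `NSS_CMSSignedData_GetSignerInfo` now tolerates a NULL `sigd` but still returns `sigd->signerInfos[i]` without checking that `signerInfos` is non-NULL or that `i` lies inside the array. A signed-data object with no signer infos, or an out-of-range index, therefore still reads through a bad pointer, and in a message decoder that is the more likely failure than a NULL `sigd`. A guard such as `if (!sigd->signerInfos || i < 0 || i >= NSS_CMSArray_Count((void **)sigd->signerInfos)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; }` before the return would cover it. The VerifySignerInfo hunk has the same unchecked `signerinfo = sigd->signerInfos[i];` directly after its new guard.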
@@ -434,6 +488,11 @@ NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i)
SECAlgorithmID **
NSS_CMSSignedData_GetDigestAlgs(NSSCMSSignedData *sigd)
{
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return NULL;
+ }
return sigd->digestAlgorithms;
}
@@ -443,6 +502,11 @@ NSS_CMSSignedData_GetDigestAlgs(NSSCMSSignedData *sigd)
NSSCMSContentInfo *
NSS_CMSSignedData_GetContentInfo(NSSCMSSignedData *sigd)
{
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return NULL;
+ }
return &(sigd->contentInfo);
}
@@ -452,6 +516,11 @@ NSS_CMSSignedData_GetContentInfo(NSSCMSSignedData *sigd)
SECItem **
NSS_CMSSignedData_GetCertificateList(NSSCMSSignedData *sigd)
{
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return NULL;
+ }
return sigd->rawCerts;
}
@@ -468,6 +537,12 @@ NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb,
int i;
PRTime now;
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
certcount = NSS_CMSArray_Count((void **)sigd->rawCerts);
/* get the certs in the temp DB */
@@ -586,6 +661,12 @@ NSS_CMSSignedData_VerifySignerInfo(NSSCMSSignedData *sigd, int i,
SECItem *contentType, *digest;
SECStatus rv;
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
cinfo = &(sigd->contentInfo);
signerinfo = sigd->signerInfos[i];
@@ -660,6 +741,11 @@ NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd,
PRBool
NSS_CMSSignedData_HasDigests(NSSCMSSignedData *sigd)
{
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return PR_FALSE;
+ }
return (sigd->digests != NULL);
}
@@ -668,10 +754,12 @@ NSS_CMSSignedData_AddCertList(NSSCMSSignedData *sigd, CERTCertificateList *certl
{
SECStatus rv;
- PORT_Assert(certlist != NULL);
-
- if (certlist == NULL)
- return SECFailure;
+ PORT_Assert(sigd);
+ PORT_Assert(certlist);
+ if (!sigd || !certlist) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
/* XXX memory?? a certlist has an arena of its own and is not refcounted!?!? */
rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->certLists), (void *)certlist);
@@ -691,6 +779,13 @@ NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert)
usage = certUsageEmailSigner;
+ PORT_Assert(cert);
+ PORT_Assert(sigd);
+ if (!sigd || !cert) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
/* do not include root */
certlist = CERT_CertChainFromCert(cert, usage, PR_FALSE);
if (certlist == NULL)
@@ -707,10 +802,12 @@ NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert)
CERTCertificate *c;
SECStatus rv;
- PORT_Assert(cert != NULL);
-
- if (cert == NULL)
- return SECFailure;
+ PORT_Assert(cert);
+ PORT_Assert(sigd);
+ if (!sigd || !cert) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
c = CERT_DupCertificate(cert);
rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->certs), (void *)c);
@@ -720,6 +817,11 @@ NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert)
PRBool
NSS_CMSSignedData_ContainsCertsOrCrls(NSSCMSSignedData *sigd)
{
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return PR_FALSE;
+ }
if (sigd->rawCerts != NULL && sigd->rawCerts[0] != NULL)
return PR_TRUE;
else if (sigd->crls != NULL && sigd->crls[0] != NULL)
@@ -737,6 +839,13 @@ NSS_CMSSignedData_AddSignerInfo(NSSCMSSignedData *sigd,
SECOidTag digestalgtag;
PLArenaPool *poolp;
+ PORT_Assert(signerinfo);
+ PORT_Assert(sigd);
+ if (!sigd || !signerinfo) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
poolp = sigd->cmsg->poolp;
mark = PORT_ArenaMark(poolp);
@@ -782,6 +891,14 @@ NSS_CMSSignedData_SetDigests(NSSCMSSignedData *sigd,
{
int cnt, i, idx;
+ PORT_Assert(digestalgs);
+ PORT_Assert(digests);
+ PORT_Assert(sigd);
+ if (!sigd || !digestalgs || !digests) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
if (sigd->digestAlgorithms == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
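Review bot: The added guard reports a NULL `sigd`, `digestalgs` or `digests` as `SEC_ERROR_LIBRARY_FAILURE`, while the existing check immediately below reports a NULL `sigd->digestAlgorithms` as `SEC_ERROR_INVALID_ARGS`. A NULL parameter is a caller-supplied bad argument, so the new branch would read more consistently as `PORT_SetError(SEC_ERROR_INVALID_ARGS);`. This also lets callers tell a misuse of the API from an internal library fault. Every other guard added in this file uses the same `SEC_ERROR_LIBRARY_FAILURE` code and would take the same change. The function body continues outside the hunk.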
@@ -831,6 +948,12 @@ NSS_CMSSignedData_SetDigestValue(NSSCMSSignedData *sigd,
void *mark;
int n, cnt;
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
poolp = sigd->cmsg->poolp;
mark = PORT_ArenaMark(poolp);
@@ -884,6 +1007,13 @@ NSS_CMSSignedData_AddDigest(PRArenaPool *poolp,
SECAlgorithmID *digestalg;
void *mark;
+ PORT_Assert(poolp);
+ PORT_Assert(sigd);
+ if (!sigd || !poolp) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+ }
+
mark = PORT_ArenaMark(poolp);
digestalg = PORT_ArenaZAlloc(poolp, sizeof(SECAlgorithmID));
@@ -914,6 +1044,12 @@ NSS_CMSSignedData_GetDigestValue(NSSCMSSignedData *sigd, SECOidTag digestalgtag)
{
int n;
+ PORT_Assert(sigd);
+ if (!sigd) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return NULL;
+ }
+
if (sigd->digestAlgorithms == NULL)
return NULL;
@@ -946,6 +1082,13 @@ NSS_CMSSignedData_CreateCertsOnly(NSSCMSMessage *cmsg, CERTCertificate *cert, PR
PLArenaPool *poolp;
SECStatus rv;
+ PORT_Assert(cmsg);
+ PORT_Assert(cert);
+ if (!cmsg || !cert) {
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return NULL;
+ }
+
poolp = cmsg->poolp;
mark = PORT_ArenaMark(poolp);