author | jpierre%netscape.com <devnull@localhost> | 2003-12-02 05:46:27 +0000 |
---|---|---|
committer | jpierre%netscape.com <devnull@localhost> | 2003-12-02 05:46:27 +0000 |
commit | c4953cdedb1b678ee1cf8b1c300165cefe85f1b0 (patch) | |
tree | 47cbfb254d72ab3dcdd93e9fa8c21967e231bb3b | |
parent | 07c8a7c1f1515db8ad3429c9e0b372c5bbb5a940 (diff) | |
download | nss-hg-c4953cdedb1b678ee1cf8b1c300165cefe85f1b0.tar.gz |
Prevent SMIME crash in the opaque signature test. bugscape 54061. r=nelsonb
-rw-r--r-- | security/nss/lib/smime/cmssigdata.c | 161 |
1 files changed, 152 insertions, 9 deletions
diff --git a/security/nss/lib/smime/cmssigdata.c b/security/nss/lib/smime/cmssigdata.c index ebdf722cb..b9ae45ea6 100644 --- a/security/nss/lib/smime/cmssigdata.c +++ b/security/nss/lib/smime/cmssigdata.c @@ -54,6 +54,12 @@ NSS_CMSSignedData_Create(NSSCMSMessage *cmsg) NSSCMSSignedData *sigd; PLArenaPool *poolp; + PORT_Assert(cmsg); + if (!cmsg) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return NULL; + } + poolp = cmsg->poolp; mark = PORT_ArenaMark(poolp); @@ -132,6 +138,12 @@ NSS_CMSSignedData_Encode_BeforeStart(NSSCMSSignedData *sigd) int n, i; PLArenaPool *poolp; + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + poolp = sigd->cmsg->poolp; /* we assume that we have precomputed digests if there is a list of algorithms, and */ @@ -198,6 +210,11 @@ loser: SECStatus NSS_CMSSignedData_Encode_BeforeData(NSSCMSSignedData *sigd) { + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } /* set up the digests */ if (sigd->digestAlgorithms != NULL) { sigd->contentInfo.digcx = NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms); @@ -232,6 +249,12 @@ NSS_CMSSignedData_Encode_AfterData(NSSCMSSignedData *sigd) CERTCertificateList *certlist; extern const SEC_ASN1Template NSSCMSSignerInfoTemplate[]; + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + poolp = sigd->cmsg->poolp; cinfo = &(sigd->contentInfo); @@ -359,6 +382,11 @@ loser: SECStatus NSS_CMSSignedData_Decode_BeforeData(NSSCMSSignedData *sigd) { + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } /* set up the digests */ if (sigd->digestAlgorithms != NULL && sigd->digests == NULL) { /* if digests are already there, do nothing */ 
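Review bot: In NSS_CMSSignedData_Encode_BeforeStart the new guard tests only `sigd`, yet the next line is `poolp = sigd->cmsg->poolp;`, so a signed-data object whose `cmsg` pointer is unset would still fault there. The same `sigd->cmsg->poolp` dereference follows the guard in the Encode_AfterData, Decode_AfterData, AddCertList, AddCertificate, AddSignerInfo and SetDigestValue hunks. Whether `cmsg` can be NULL on these paths is not visible from the diff; if it can, widen the test to `if (!sigd || !sigd->cmsg) {`. The function bodies continue outside the hunks.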
@@ -376,6 +404,11 @@ NSS_CMSSignedData_Decode_BeforeData(NSSCMSSignedData *sigd) SECStatus NSS_CMSSignedData_Decode_AfterData(NSSCMSSignedData *sigd) { + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } /* did we have digest calculation going on? */ if (sigd->contentInfo.digcx) { if (NSS_CMSDigestContext_FinishMultiple(sigd->contentInfo.digcx, sigd->cmsg->poolp, &(sigd->digests)) != SECSuccess) @@ -392,9 +425,15 @@ NSS_CMSSignedData_Decode_AfterData(NSSCMSSignedData *sigd) SECStatus NSS_CMSSignedData_Decode_AfterEnd(NSSCMSSignedData *sigd) { - NSSCMSSignerInfo **signerinfos; + NSSCMSSignerInfo **signerinfos = NULL; int i; + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + /* set cmsg for all the signerinfos */ signerinfos = sigd->signerInfos; @@ -413,18 +452,33 @@ NSS_CMSSignedData_Decode_AfterEnd(NSSCMSSignedData *sigd) NSSCMSSignerInfo ** NSS_CMSSignedData_GetSignerInfos(NSSCMSSignedData *sigd) { + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return NULL; + } return sigd->signerInfos; } int NSS_CMSSignedData_SignerInfoCount(NSSCMSSignedData *sigd) { + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return 0; + } return NSS_CMSArray_Count((void **)sigd->signerInfos); } NSSCMSSignerInfo * NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i) { + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return NULL; + } return sigd->signerInfos[i]; } @@ -434,6 +488,11 @@ NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i) SECAlgorithmID ** NSS_CMSSignedData_GetDigestAlgs(NSSCMSSignedData *sigd) { + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return NULL; + } return sigd->digestAlgorithms; } 
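Review bot: NSS_CMSSignedData_GetSignerInfo (third function of the accessor hunk) now rejects a NULL `sigd` but still returns `sigd->signerInfos[i]` without checking that `signerInfos` is non-NULL or that `i` is inside the array. The array comes from a decoded message and the index from the caller, so a message without signers or a stale index reads out of bounds. A guard such as `if (!sigd->signerInfos || i < 0 || i >= NSS_CMSArray_Count((void **)sigd->signerInfos)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; }` before the return would close this. NSS_CMSSignedData_VerifySignerInfo has the same unchecked `signerinfo = sigd->signerInfos[i];` immediately after its new guard.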
@@ -443,6 +502,11 @@ NSS_CMSSignedData_GetDigestAlgs(NSSCMSSignedData *sigd) NSSCMSContentInfo * NSS_CMSSignedData_GetContentInfo(NSSCMSSignedData *sigd) { + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return NULL; + } return &(sigd->contentInfo); } @@ -452,6 +516,11 @@ NSS_CMSSignedData_GetContentInfo(NSSCMSSignedData *sigd) SECItem ** NSS_CMSSignedData_GetCertificateList(NSSCMSSignedData *sigd) { + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return NULL; + } return sigd->rawCerts; } @@ -468,6 +537,12 @@ NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb, int i; PRTime now; + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + certcount = NSS_CMSArray_Count((void **)sigd->rawCerts); /* get the certs in the temp DB */ @@ -586,6 +661,12 @@ NSS_CMSSignedData_VerifySignerInfo(NSSCMSSignedData *sigd, int i, SECItem *contentType, *digest; SECStatus rv; + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + cinfo = &(sigd->contentInfo); signerinfo = sigd->signerInfos[i]; @@ -660,6 +741,11 @@ NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd, PRBool NSS_CMSSignedData_HasDigests(NSSCMSSignedData *sigd) { + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return PR_FALSE; + } return (sigd->digests != NULL); } @@ -668,10 +754,12 @@ NSS_CMSSignedData_AddCertList(NSSCMSSignedData *sigd, CERTCertificateList *certl { SECStatus rv; - PORT_Assert(certlist != NULL); - - if (certlist == NULL) - return SECFailure; + PORT_Assert(sigd); + PORT_Assert(certlist); + if (!sigd || !certlist) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } /* XXX memory?? a certlist has an arena of its own and is not refcounted!?!? */ rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->certLists), (void *)certlist); 
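Review bot: NSS_CMSSignedData_HasDigests now returns `PR_FALSE` for a NULL `sigd`, which a caller cannot tell apart from "no digests present" unless it also reads the error code. The same applies to the `0` returned by NSS_CMSSignedData_SignerInfoCount and the `PR_FALSE` returned by NSS_CMSSignedData_ContainsCertsOrCrls. This contract should be documented above each function, for example `/* Returns PR_FALSE and sets SEC_ERROR_LIBRARY_FAILURE if sigd is NULL; check PORT_GetError() to distinguish that from an empty result. */`.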
@@ -691,6 +779,13 @@ NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert) usage = certUsageEmailSigner; + PORT_Assert(cert); + PORT_Assert(sigd); + if (!sigd || !cert) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + /* do not include root */ certlist = CERT_CertChainFromCert(cert, usage, PR_FALSE); if (certlist == NULL) @@ -707,10 +802,12 @@ NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert) CERTCertificate *c; SECStatus rv; - PORT_Assert(cert != NULL); - - if (cert == NULL) - return SECFailure; + PORT_Assert(cert); + PORT_Assert(sigd); + if (!sigd || !cert) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } c = CERT_DupCertificate(cert); rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->certs), (void *)c); @@ -720,6 +817,11 @@ NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert) PRBool NSS_CMSSignedData_ContainsCertsOrCrls(NSSCMSSignedData *sigd) { + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return PR_FALSE; + } if (sigd->rawCerts != NULL && sigd->rawCerts[0] != NULL) return PR_TRUE; else if (sigd->crls != NULL && sigd->crls[0] != NULL) @@ -737,6 +839,13 @@ NSS_CMSSignedData_AddSignerInfo(NSSCMSSignedData *sigd, SECOidTag digestalgtag; PLArenaPool *poolp; + PORT_Assert(signerinfo); + PORT_Assert(sigd); + if (!sigd || !signerinfo) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + poolp = sigd->cmsg->poolp; mark = PORT_ArenaMark(poolp); @@ -782,6 +891,14 @@ NSS_CMSSignedData_SetDigests(NSSCMSSignedData *sigd, { int cnt, i, idx; + PORT_Assert(digestalgs); + PORT_Assert(digests); + PORT_Assert(sigd); + if (!sigd || !digestalgs || !digests) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + if (sigd->digestAlgorithms == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; 
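Review bot: In NSS_CMSSignedData_SetDigests the added guard reports NULL `sigd`, `digestalgs` or `digests` as `SEC_ERROR_LIBRARY_FAILURE`, while the existing check directly below reports a missing `sigd->digestAlgorithms` as `SEC_ERROR_INVALID_ARGS`. Both are bad-argument conditions, and two different codes in one function make it harder for callers and logs to separate caller mistakes from internal faults. Using `PORT_SetError(SEC_ERROR_INVALID_ARGS);` in the new guard would keep the function consistent. The other hunks use the same code for NULL parameters and could follow suit. The function body continues outside the hunk.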
@@ -831,6 +948,12 @@ NSS_CMSSignedData_SetDigestValue(NSSCMSSignedData *sigd, void *mark; int n, cnt; + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + poolp = sigd->cmsg->poolp; mark = PORT_ArenaMark(poolp); @@ -884,6 +1007,13 @@ NSS_CMSSignedData_AddDigest(PRArenaPool *poolp, SECAlgorithmID *digestalg; void *mark; + PORT_Assert(poolp); + PORT_Assert(sigd); + if (!sigd || !poolp) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + mark = PORT_ArenaMark(poolp); digestalg = PORT_ArenaZAlloc(poolp, sizeof(SECAlgorithmID)); @@ -914,6 +1044,12 @@ NSS_CMSSignedData_GetDigestValue(NSSCMSSignedData *sigd, SECOidTag digestalgtag) { int n; + PORT_Assert(sigd); + if (!sigd) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return NULL; + } + if (sigd->digestAlgorithms == NULL) return NULL; @@ -946,6 +1082,13 @@ NSS_CMSSignedData_CreateCertsOnly(NSSCMSMessage *cmsg, CERTCertificate *cert, PR PLArenaPool *poolp; SECStatus rv; + PORT_Assert(cmsg); + PORT_Assert(cert); + if (!cmsg || !cert) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return NULL; + } + poolp = cmsg->poolp; mark = PORT_ArenaMark(poolp); |