authornelsonb%netscape.com <devnull@localhost>2000-10-06 23:26:12 +0000
committernelsonb%netscape.com <devnull@localhost>2000-10-06 23:26:12 +0000
commita52b12a94dc62d256879597c94960867fe558d6b (patch)
tree614da79867cfcaa91a6c93d9002edc8dd09ee1a5
parent42636a069ddc09094073384d74b47196ccdba34b (diff)
downloadnss-hg-a52b12a94dc62d256879597c94960867fe558d6b.tar.gz
In lib/smime, detect null pointers returned by various functions.
Christian Kaiser fixed the test script to pass the right directory name to the test program. The test script echoes all the cmsutil test commands so that the error messages are associated with the proper one. And cmsutil now puts its name on the front of its error messages.
-rw-r--r--security/nss/cmd/smimetools/cmsutil.c4
-rw-r--r--security/nss/lib/smime/cmsenvdata.c14
-rw-r--r--security/nss/lib/smime/cmsrecinfo.c5
-rw-r--r--security/nss/lib/smime/cmssigdata.c8
-rwxr-xr-xsecurity/nss/tests/smime/smime.sh17
5 files changed, 38 insertions, 10 deletions
diff --git a/security/nss/cmd/smimetools/cmsutil.c b/security/nss/cmd/smimetools/cmsutil.c
index eff4bf6ec..b4b726927 100644
--- a/security/nss/cmd/smimetools/cmsutil.c
+++ b/security/nss/cmd/smimetools/cmsutil.c
@@ -261,7 +261,7 @@ decode(FILE *out, SECItem *output, SECItem *input,
/* if we have a content file, but no digests for this signedData */
if (decodeOptions.contentFile != NULL && !NSS_CMSSignedData_HasDigests(sigd)) {
if ((poolp = PORT_NewArena(1024)) == NULL) {
- fprintf(stderr, "Out of memory.\n");
+ fprintf(stderr, "cmsutil: Out of memory.\n");
goto loser;
}
digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd);
@@ -306,7 +306,7 @@ decode(FILE *out, SECItem *output, SECItem *input,
decodeOptions.options->certHandle,
decodeOptions.options->certUsage);
if (rv != SECSuccess) {
- fprintf(stderr, "Verify certs-only failed!\n");
+ fprintf(stderr, "cmsutil: Verify certs-only failed!\n");
goto loser;
}
return cmsg;
diff --git a/security/nss/lib/smime/cmsenvdata.c b/security/nss/lib/smime/cmsenvdata.c
index d6e45a10a..4a7ffa3f1 100644
--- a/security/nss/lib/smime/cmsenvdata.c
+++ b/security/nss/lib/smime/cmsenvdata.c
@@ -316,6 +316,7 @@ NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd)
SECStatus rv = SECFailure;
NSSCMSContentInfo *cinfo;
NSSCMSRecipient **recipient_list;
+ NSSCMSRecipient *recipient;
int rlIndex;
if (NSS_CMSArray_Count((void **)envd->recipientInfos) == 0) {
@@ -347,14 +348,19 @@ NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd)
goto loser;
}
+ recipient = recipient_list[rlIndex];
+ if (!recipient->cert || !recipient->privkey) {
+ /* XXX should set an error code ?!? */
+ goto loser;
+ }
/* get a pointer to "our" recipientinfo */
- ri = envd->recipientInfos[recipient_list[rlIndex]->riIndex];
+ ri = envd->recipientInfos[recipient->riIndex];
cinfo = &(envd->contentInfo);
bulkalgtag = NSS_CMSContentInfo_GetContentEncAlgTag(cinfo);
- bulkkey = NSS_CMSRecipientInfo_UnwrapBulkKey(ri,recipient_list[rlIndex]->subIndex,
- recipient_list[rlIndex]->cert,
- recipient_list[rlIndex]->privkey,
+ bulkkey = NSS_CMSRecipientInfo_UnwrapBulkKey(ri,recipient->subIndex,
+ recipient->cert,
+ recipient->privkey,
bulkalgtag);
if (bulkkey == NULL) {
/* no success finding a bulk key */
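Review bot: The new `goto loser` under `if (!recipient->cert || !recipient->privkey)` fails without recording an error, as the `XXX` comment itself admits, so the caller presumably gets SECFailure together with whatever error code an earlier call left behind. Set one before jumping, for example `PORT_SetError(SEC_ERROR_NOT_A_RECIPIENT);`, so that a missing certificate or private key can be told apart from a failed unwrap. The function continues outside the hunk, so whether the `loser` path releases `recipient_list` is not visible here; that is worth confirming now that there is an extra exit between building the list and using it.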
diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c
index 45ac16658..ba318e69e 100644
--- a/security/nss/lib/smime/cmsrecinfo.c
+++ b/security/nss/lib/smime/cmsrecinfo.c
@@ -352,7 +352,8 @@ NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey, S
}
PK11SymKey *
-NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag)
+NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
+ CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag)
{
PK11SymKey *bulkkey = NULL;
SECAlgorithmID *encalg;
@@ -360,7 +361,7 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, CERTCe
SECItem *enckey;
int error;
- ri->cert = cert; /* mark the recipientInfo so we can find it later */
+ ri->cert = cert; /* mark the recipientInfo so we can find it later */
switch (ri->recipientInfoType) {
case NSSCMSRecipientInfoID_KeyTrans:
diff --git a/security/nss/lib/smime/cmssigdata.c b/security/nss/lib/smime/cmssigdata.c
index 0432476b5..b33d251d2 100644
--- a/security/nss/lib/smime/cmssigdata.c
+++ b/security/nss/lib/smime/cmssigdata.c
@@ -527,17 +527,23 @@ NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd,
CERTCertificate *cert;
SECStatus rv = SECSuccess;
int i;
+ int count;
if (!sigd || !certdb || !sigd->rawCerts) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
- for (i=0; i < NSS_CMSArray_Count((void**)sigd->rawCerts); i++) {
+ count = NSS_CMSArray_Count((void**)sigd->rawCerts);
+ for (i=0; i < count; i++) {
if (sigd->certs && sigd->certs[i]) {
cert = sigd->certs[i];
} else {
cert = CERT_FindCertByDERCert(certdb, sigd->rawCerts[i]);
+ if (!cert) {
+ rv = SECFailure;
+ break;
+ }
}
rv |= CERT_VerifyCert(certdb, cert, PR_TRUE, usage, PR_Now(),
NULL, NULL);
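Review bot: The added `if (!cert)` branch sets `rv = SECFailure` but no error code, unlike the argument check above, which calls `PORT_SetError(SEC_ERROR_INVALID_ARGS)`; unless CERT_FindCertByDERCert sets one itself, the caller cannot tell an unknown certificate from a failed verification. Consider `PORT_SetError(SEC_ERROR_UNKNOWN_CERT);` before the `break`. The `break` also stops at the first missing certificate, whereas a CERT_VerifyCert failure is accumulated with `rv |=` and the loop continues, so the two failure kinds behave differently; a one-line comment saying this is intended would help. The loop body runs past the end of the hunk, so how the looked-up `cert` reference is released is not visible here.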
diff --git a/security/nss/tests/smime/smime.sh b/security/nss/tests/smime/smime.sh
index 6921514e7..6c76d3e97 100755
--- a/security/nss/tests/smime/smime.sh
+++ b/security/nss/tests/smime/smime.sh
@@ -190,32 +190,42 @@ echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULT
cd ${SMIMEDIR}
cp ${CURDIR}/alice.txt ${SMIMEDIR}
# Test basic signed and enveloped messages from 1 --> 2
+echo "cmsutil -S -N Alice -i alice.txt -d ${ALICEDIR} -p nss -o alice.sig"
cmsutil -S -N Alice -i alice.txt -d ${ALICEDIR} -p nss -o alice.sig
if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Create Signature Alice"}
fi
+echo "cmsutil -D -i alice.sig -d ${BOBDIR} -o alice.data1"
cmsutil -D -i alice.sig -d ${BOBDIR} -o alice.data1
if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Decode Alice's Signature"}
fi
+echo "diff alice.txt alice.data1"
diff alice.txt alice.data1
if [ $? -ne 0 ]; then
+ echo "Signing attached message Failed ($CMSFAILED)"
echo "<TR><TD>Signing attached message</TD><TD bgcolor=red>Failed ($CMSFAILED)</TD><TR>" >> ${RESULTS}
else
+ echo "Signing attached message Passed"
echo "<TR><TD>Signing attached message</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
fi
+echo "cmsutil -E -r bob@bogus.com -i alice.txt -d ${ALICEDIR} -p nss -o alice.env"
cmsutil -E -r bob@bogus.com -i alice.txt -d ${ALICEDIR} -p nss -o alice.env
if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Create Enveloped Data Alice"}
fi
+echo "cmsutil -D -i alice.env -d ${BOBDIR} -p nss -o alice.data1"
cmsutil -D -i alice.env -d ${BOBDIR} -p nss -o alice.data1
if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Decode Enveloped Data Alice"}
fi
+echo "diff alice.txt alice.data1"
diff alice.txt alice.data1
if [ $? -ne 0 ]; then
+ echo "Enveloped Data Failed ($CMSFAILED)"
echo "<TR><TD>Enveloped Data</TD><TD bgcolor=red>Failed ($CMSFAILED)</TD><TR>" >> ${RESULTS}
else
+ echo "Enveloped Data Passed"
echo "<TR><TD>Enveloped Data</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
fi
# multiple recip
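Review bot: Each added `echo "cmsutil ..."` repeats the command on the following line by hand, so the logged text and the executed command can drift apart on a later edit; the same pattern recurs in the certs-only hunk below. A small helper such as `run() { echo "$*"; "$@"; }`, called as `run cmsutil -D -i alice.sig -d "${BOBDIR}" -o alice.data1`, keeps a single copy and still leaves the command's status in `$?`. The echoed lines also write the `-p nss` argument into the test log, which is fine for this fixture but deserves a comment so the pattern is not copied to a script that handles a real password.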
@@ -228,13 +238,16 @@ cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" -d ${ALICEDIR} > co.der
if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Create Certs-Only Alice"}
fi
-cmsutil -D -i co.der -d ${CADIR}
+echo "cmsutil -D -i co.der -d ${BOBDIR}"
+cmsutil -D -i co.der -d ${BOBDIR}
if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Verify Certs-Only by CA"}
fi
if [ -n "${CMSFAILED}" ]; then
+ echo "Sending certs-only message Failed ($CMSFAILED)"
echo "<TR><TD>Sending certs-only message</TD><TD bgcolor=red>Failed ($CMSFAILED)</TD><TR>" >> ${RESULTS}
else
+ echo "Sending certs-only message Passed"
echo "<TR><TD>Sending certs-only message</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
fi
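Review bot: The failure label still reads `"Verify Certs-Only by CA"` although the command now runs against `${BOBDIR}` instead of `${CADIR}`, so a failure report names the wrong database. Update it to match, for example `CMSFAILED=${CMSFAILED-"Verify Certs-Only by Bob"}`. `${BOBDIR}` is also expanded unquoted on the new `cmsutil` line; `-d "${BOBDIR}"` would survive a path that contains spaces.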
echo "cmsutil -C -i alice.txt -e alicehello.env -d ${ALICEDIR} -r \"bob@bogus.com\" > alice.enc"
@@ -254,8 +267,10 @@ if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Decode Encrypted-Data"}
fi
if [ -n "${CMSFAILED}" ]; then
+ echo "Encrypted-Data message Failed ($CMSFAILED)"
echo "<TR><TD>Encrypted-Data message</TD><TD bgcolor=red>Failed ($CMSFAILED)</TD><TR>" >> ${RESULTS}
else
+ echo "Encrypted-Data message Passed"
echo "<TR><TD>Encrypted-Data message</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
fi