author | nelsonb%netscape.com <devnull@localhost> | 2000-10-06 23:26:12 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2000-10-06 23:26:12 +0000 |
commit | a52b12a94dc62d256879597c94960867fe558d6b (patch) | |
tree | 614da79867cfcaa91a6c93d9002edc8dd09ee1a5 | |
parent | 42636a069ddc09094073384d74b47196ccdba34b (diff) | |
download | nss-hg-a52b12a94dc62d256879597c94960867fe558d6b.tar.gz |
In lib/smime, detect null pointers returned by various functions.
Christian Kaiser fixed the test script to pass the right directory name
to the test program. The test script echoes all the cmsutil test
commands so that the error messages are associated with the proper one.
And cmsutil now puts its name on the front of its error messages.
-rw-r--r-- | security/nss/cmd/smimetools/cmsutil.c | 4 | ||||
-rw-r--r-- | security/nss/lib/smime/cmsenvdata.c | 14 | ||||
-rw-r--r-- | security/nss/lib/smime/cmsrecinfo.c | 5 | ||||
-rw-r--r-- | security/nss/lib/smime/cmssigdata.c | 8 | ||||
-rwxr-xr-x | security/nss/tests/smime/smime.sh | 17 |
5 files changed, 38 insertions, 10 deletions
diff --git a/security/nss/cmd/smimetools/cmsutil.c b/security/nss/cmd/smimetools/cmsutil.c
index eff4bf6ec..b4b726927 100644
--- a/security/nss/cmd/smimetools/cmsutil.c
+++ b/security/nss/cmd/smimetools/cmsutil.c
@@ -261,7 +261,7 @@ decode(FILE *out, SECItem *output, SECItem *input,
 /* if we have a content file, but no digests for this signedData */
 if (decodeOptions.contentFile != NULL && !NSS_CMSSignedData_HasDigests(sigd)) {
 if ((poolp = PORT_NewArena(1024)) == NULL) {
- fprintf(stderr, "Out of memory.\n");
+ fprintf(stderr, "cmsutil: Out of memory.\n");
 goto loser;
 }
 digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd);
@@ -306,7 +306,7 @@ decode(FILE *out, SECItem *output, SECItem *input,
 decodeOptions.options->certHandle, decodeOptions.options->certUsage);
 if (rv != SECSuccess) {
- fprintf(stderr, "Verify certs-only failed!\n");
+ fprintf(stderr, "cmsutil: Verify certs-only failed!\n");
 goto loser;
 }
 return cmsg;
diff --git a/security/nss/lib/smime/cmsenvdata.c b/security/nss/lib/smime/cmsenvdata.c
index d6e45a10a..4a7ffa3f1 100644
--- a/security/nss/lib/smime/cmsenvdata.c
+++ b/security/nss/lib/smime/cmsenvdata.c
@@ -316,6 +316,7 @@ NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd)
 SECStatus rv = SECFailure;
 NSSCMSContentInfo *cinfo;
 NSSCMSRecipient **recipient_list;
+ NSSCMSRecipient *recipient;
 int rlIndex;
 if (NSS_CMSArray_Count((void **)envd->recipientInfos) == 0) {
@@ -347,14 +348,19 @@ NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd)
 goto loser;
 }
+ recipient = recipient_list[rlIndex];
+ if (!recipient->cert || !recipient->privkey) {
+ /* XXX should set an error code ?!? */
+ goto loser;
+ }
 /* get a pointer to "our" recipientinfo */
- ri = envd->recipientInfos[recipient_list[rlIndex]->riIndex];
+ ri = envd->recipientInfos[recipient->riIndex];
 cinfo = &(envd->contentInfo);
 bulkalgtag = NSS_CMSContentInfo_GetContentEncAlgTag(cinfo);
- bulkkey = NSS_CMSRecipientInfo_UnwrapBulkKey(ri,recipient_list[rlIndex]->subIndex,
- recipient_list[rlIndex]->cert,
- recipient_list[rlIndex]->privkey,
+ bulkkey = NSS_CMSRecipientInfo_UnwrapBulkKey(ri,recipient->subIndex,
+ recipient->cert,
+ recipient->privkey,
 bulkalgtag);
 if (bulkkey == NULL) { /* no success finding a bulk key */
diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c
index 45ac16658..ba318e69e 100644
--- a/security/nss/lib/smime/cmsrecinfo.c
+++ b/security/nss/lib/smime/cmsrecinfo.c
@@ -352,7 +352,8 @@ NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey, S
 }
 PK11SymKey *
-NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag)
+NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
+ CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag)
 {
 PK11SymKey *bulkkey = NULL;
 SECAlgorithmID *encalg;
@@ -360,7 +361,7 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, CERTCe
 SECItem *enckey;
 int error;
- ri->cert = cert; /* mark the recipientInfo so we can find it later */
+ ri->cert = cert; /* mark the recipientInfo so we can find it later */
 switch (ri->recipientInfoType) {
 case NSSCMSRecipientInfoID_KeyTrans:
diff --git a/security/nss/lib/smime/cmssigdata.c b/security/nss/lib/smime/cmssigdata.c
index 0432476b5..b33d251d2 100644
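Review bot: The new guard `if (!recipient->cert || !recipient->privkey)` in NSS_CMSEnvelopedData_Decode_BeforeData jumps to `loser` without recording an error, as its own XXX comment admits, so the caller sees a failure with whatever error code an earlier call happened to leave behind. Setting one before the jump, for example `PORT_SetError(SEC_ERROR_NOT_A_RECIPIENT);`, would let a decrypting application tell "no usable certificate and key for this message" apart from other decode failures. The `if (!cert)` branch added to NSS_CMSSignedData_VerifyCertsOnly in cmssigdata.c has the same gap unless CERT_FindCertByDERCert already sets an error, which is not visible on this page. The function body starts and ends outside this hunk.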
--- a/security/nss/lib/smime/cmssigdata.c
+++ b/security/nss/lib/smime/cmssigdata.c
@@ -527,17 +527,23 @@ NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd,
 CERTCertificate *cert;
 SECStatus rv = SECSuccess;
 int i;
+ int count;
 if (!sigd || !certdb || !sigd->rawCerts) {
 PORT_SetError(SEC_ERROR_INVALID_ARGS);
 return SECFailure;
 }
- for (i=0; i < NSS_CMSArray_Count((void**)sigd->rawCerts); i++) {
+ count = NSS_CMSArray_Count((void**)sigd->rawCerts);
+ for (i=0; i < count; i++) {
 if (sigd->certs && sigd->certs[i]) {
 cert = sigd->certs[i];
 } else {
 cert = CERT_FindCertByDERCert(certdb, sigd->rawCerts[i]);
+ if (!cert) {
+ rv = SECFailure;
+ break;
+ }
 }
 rv |= CERT_VerifyCert(certdb, cert, PR_TRUE, usage, PR_Now(), NULL, NULL);
diff --git a/security/nss/tests/smime/smime.sh b/security/nss/tests/smime/smime.sh
index 6921514e7..6c76d3e97 100755
--- a/security/nss/tests/smime/smime.sh
+++ b/security/nss/tests/smime/smime.sh
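Review bot: The two failure modes in this loop are now handled differently. A certificate that cannot be found sets `rv = SECFailure` and breaks out at once, while a certificate that fails CERT_VerifyCert is OR-ed into `rv` and the loop goes on to the remaining entries. If stopping at the first unknown certificate is intended, a comment on the `break` such as `/* cert not in db: give up, remaining certs are not checked */` would record that for the next reader. The loop body continues past the end of the hunk, so any per-iteration cleanup is not visible here.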
@@ -190,32 +190,42 @@ echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULT
 cd ${SMIMEDIR}
 cp ${CURDIR}/alice.txt ${SMIMEDIR}
 # Test basic signed and enveloped messages from 1 --> 2
+echo "cmsutil -S -N Alice -i alice.txt -d ${ALICEDIR} -p nss -o alice.sig"
 cmsutil -S -N Alice -i alice.txt -d ${ALICEDIR} -p nss -o alice.sig
 if [ $? -ne 0 ]; then
 CMSFAILED=${CMSFAILED-"Create Signature Alice"}
 fi
+echo "cmsutil -D -i alice.sig -d ${BOBDIR} -o alice.data1"
 cmsutil -D -i alice.sig -d ${BOBDIR} -o alice.data1
 if [ $? -ne 0 ]; then
 CMSFAILED=${CMSFAILED-"Decode Alice's Signature"}
 fi
+echo "diff alice.txt alice.data1"
 diff alice.txt alice.data1
 if [ $? -ne 0 ]; then
+ echo "Signing attached message Failed ($CMSFAILED)"
 echo "<TR><TD>Signing attached message</TD><TD bgcolor=red>Failed ($CMSFAILED)</TD><TR>" >> ${RESULTS}
 else
+ echo "Signing attached message Passed"
 echo "<TR><TD>Signing attached message</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
 fi
+echo "cmsutil -E -r bob@bogus.com -i alice.txt -d ${ALICEDIR} -p nss -o alice.env"
 cmsutil -E -r bob@bogus.com -i alice.txt -d ${ALICEDIR} -p nss -o alice.env
 if [ $? -ne 0 ]; then
 CMSFAILED=${CMSFAILED-"Create Enveloped Data Alice"}
 fi
+echo "cmsutil -D -i alice.env -d ${BOBDIR} -p nss -o alice.data1"
 cmsutil -D -i alice.env -d ${BOBDIR} -p nss -o alice.data1
 if [ $? -ne 0 ]; then
 CMSFAILED=${CMSFAILED-"Decode Enveloped Data Alice"}
 fi
+echo "diff alice.txt alice.data1"
 diff alice.txt alice.data1
 if [ $? -ne 0 ]; then
+ echo "Enveloped Data Failed ($CMSFAILED)"
 echo "<TR><TD>Enveloped Data</TD><TD bgcolor=red>Failed ($CMSFAILED)</TD><TR>" >> ${RESULTS}
 else
+ echo "Enveloped Data Passed"
 echo "<TR><TD>Enveloped Data</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
 fi
 # multiple recip
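Review bot: Both test cases in this hunk decode into the same file, `alice.data1`, and decide pass or fail only on `diff alice.txt alice.data1`, so the cmsutil exit status saved in CMSFAILED never changes the verdict. If the enveloped-data decode fails without replacing the file, the copy left by the signature test still matches and the case is reported as passed; whether cmsutil truncates its output file first is not visible here. Remove the stale file before the second decode with `rm -f alice.data1`, or fold the status into the check, `if [ $? -ne 0 ] || [ -n "${CMSFAILED}" ]; then`, in line with the `-n "${CMSFAILED}"` test used by the later certs-only case.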
@@ -228,13 +238,16 @@ cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" -d ${ALICEDIR} > co.der
 if [ $? -ne 0 ]; then
 CMSFAILED=${CMSFAILED-"Create Certs-Only Alice"}
 fi
-cmsutil -D -i co.der -d ${CADIR}
+echo "cmsutil -D -i co.der -d ${BOBDIR}"
+cmsutil -D -i co.der -d ${BOBDIR}
 if [ $? -ne 0 ]; then
 CMSFAILED=${CMSFAILED-"Verify Certs-Only by CA"}
 fi
 if [ -n "${CMSFAILED}" ]; then
+ echo "Sending certs-only message Failed ($CMSFAILED)"
 echo "<TR><TD>Sending certs-only message</TD><TD bgcolor=red>Failed ($CMSFAILED)</TD><TR>" >> ${RESULTS}
 else
+ echo "Sending certs-only message Passed"
 echo "<TR><TD>Sending certs-only message</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
 fi
 echo "cmsutil -C -i alice.txt -e alicehello.env -d ${ALICEDIR} -r \"bob@bogus.com\" > alice.enc"
@@ -254,8 +267,10 @@ if [ $? -ne 0 ]; then
 CMSFAILED=${CMSFAILED-"Decode Encrypted-Data"}
 fi
 if [ -n "${CMSFAILED}" ]; then
+ echo "Encrypted-Data message Failed ($CMSFAILED)"
 echo "<TR><TD>Encrypted-Data message</TD><TD bgcolor=red>Failed ($CMSFAILED)</TD><TR>" >> ${RESULTS}
 else
+ echo "Encrypted-Data message Passed"
 echo "<TR><TD>Encrypted-Data message</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
 fi |
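Review bot: The failure label `"Verify Certs-Only by CA"` is now stale, because the decode step it follows was switched from `${CADIR}` to `${BOBDIR}`, so a failure would be reported against the wrong database. Update it to match, for example `CMSFAILED=${CMSFAILED-"Verify Certs-Only by Bob"}`. The commit message says only that the right directory name is now passed, so a one-line comment above the command saying why Bob's database is the correct one would help anyone reading a failing log.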