diff options
author | Dennis Jackson <djackson@mozilla.com> | 2022-05-20 16:52:56 +0000 |
---|---|---|
committer | Dennis Jackson <djackson@mozilla.com> | 2022-05-20 16:52:56 +0000 |
commit | eea91ddfb8c3d49760a4f8739e854b7ed9e8e205 (patch) | |
tree | 7115bcbfaa5822fa38a0ccf335ed995b45427566 | |
parent | f98902384162f8489af3f8524b9b1a9b1c88d0e8 (diff) | |
download | nss-hg-eea91ddfb8c3d49760a4f8739e854b7ed9e8e205.tar.gz |
Bug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple r=nss-reviewers,jschanckNSS_3_79_BETA2
As NSS_CMSDigestContext_FinishMultiple may leave its outparam unchanged when it returns SECSuccess, ensure
that we set the value to NULL prior to invoking it. If this has happened because data was missing and hence the
digest was never updated, the secasn1d parser will notice the missing child and raise a decodeError.
Differential Revision: https://phabricator.services.mozilla.com/D145425
-rw-r--r-- | cmd/smimetools/cmsutil.c | 2 | ||||
-rw-r--r-- | lib/smime/cmsdigest.c | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/cmd/smimetools/cmsutil.c b/cmd/smimetools/cmsutil.c index 9106d9955..4343695ed 100644 --- a/cmd/smimetools/cmsutil.c +++ b/cmd/smimetools/cmsutil.c @@ -219,7 +219,7 @@ decode(FILE *out, SECItem *input, const struct decodeOptionsStr *decodeOptions) switch (typetag) { case SEC_OID_PKCS7_SIGNED_DATA: { NSSCMSSignedData *sigd = NULL; - SECItem **digests; + SECItem **digests = NULL; int nsigners; int j; diff --git a/lib/smime/cmsdigest.c b/lib/smime/cmsdigest.c index bd1474068..1eb88f0b6 100644 --- a/lib/smime/cmsdigest.c +++ b/lib/smime/cmsdigest.c @@ -239,7 +239,7 @@ NSS_CMSDigestContext_FinishSingle(NSSCMSDigestContext *cmsdigcx, SECItem *digest) { SECStatus rv = SECFailure; - SECItem **dp; + SECItem **dp = NULL; PLArenaPool *arena = NULL; if ((arena = PORT_NewArena(1024)) == NULL) @@ -247,7 +247,7 @@ NSS_CMSDigestContext_FinishSingle(NSSCMSDigestContext *cmsdigcx, /* get the digests into arena, then copy the first digest into poolp */ rv = NSS_CMSDigestContext_FinishMultiple(cmsdigcx, arena, &dp); - if (rv == SECSuccess) { + if (rv == SECSuccess && dp) { /* now copy it into poolp */ rv = SECITEM_CopyItem(poolp, digest, dp[0]); } |