From d4d9f885d9a22b333199ed6e47dddb40e89d6f2d Mon Sep 17 00:00:00 2001
From: "nelsonb%netscape.com" <devnull@localhost>
Date: Thu, 31 Jul 2003 00:16:27 +0000
Subject: Fix bug 213084. Detect when cert in signature cannot be imported.
 Detect NULL pointer, don't crash.

---
 security/nss/lib/cryptohi/seckey.c | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

(limited to 'security/nss/lib/cryptohi')

diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c
index 034376019..b39ba988f 100644
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -430,7 +430,7 @@ done:
  *      formats.  The public key extraction code will deal with the different
  *      formats at the time of extraction.  */
 
-SECStatus
+static SECStatus
 seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count)
 {
     SECStatus rv, rvCompare;
@@ -484,16 +484,16 @@ seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count)
     /* check if the cert is self-signed */
     rvCompare = (SECStatus)SECITEM_CompareItem(&subjectCert->derSubject,
 				    &subjectCert->derIssuer);
-	if (rvCompare == SECEqual) {
-	  /* fail since cert is self-signed and has no pqg params. */
-            return SECFailure;     
-	}
+    if (rvCompare == SECEqual) {
+      /* fail since cert is self-signed and has no pqg params. */
+	return SECFailure;     
+    }
      
     /* get issuer cert */
     issuerCert = CERT_FindCertIssuer(subjectCert, PR_Now(), certUsageAnyCA);
-	if ( ! issuerCert ) {
-            return SECFailure;
-	}
+    if ( ! issuerCert ) {
+	return SECFailure;
+    }
 
     /* if parent is not DSA or fortezza, return failure since
        we don't allow this case. */
@@ -552,7 +552,11 @@ seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count)
 SECStatus
 SECKEY_UpdateCertPQG(CERTCertificate * subjectCert)
 {
-    return(seckey_UpdateCertPQGChain(subjectCert,0));
+    if (!subjectCert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return SECFailure;
+    }
+    return seckey_UpdateCertPQGChain(subjectCert,0);
 }
    
 
@@ -1148,6 +1152,10 @@ CERT_ExtractPublicKey(CERTCertificate *cert)
 {
     SECStatus rv;
 
+    if (!cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+	return NULL;
+    }
     rv = SECKEY_UpdateCertPQG(cert);
     if (rv != SECSuccess) return NULL;
 
-- 
cgit v1.2.1