Fix crashes in NSS_CMSSignedData_GetDigestValue and

NSS_CMSContentInfo_GetContent that occur when a detached signature is not accompanied by the data on which the signature was computed. Bug 229242. Make NSS_CMSContentInfo_GetInnerContent and NSS_CMSMessage_GetContent more easily debugged, by storing the results returned by function calls in automatic variables before using them in subsequent calls/switches.
sailfishos-mirror · Jan 7, 2004 · 907abd6 · 907abd6
1 parent 0775a36
commit 907abd6
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 9 deletions.
diff --git a/security/nss/lib/smime/cmscinfo.c b/security/nss/lib/smime/cmscinfo.c
@@ -209,7 +209,10 @@ NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentIn
 void *
 NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo)
 {
-    switch (cinfo->contentTypeTag->offset) {
+    SECOidTag tag = (cinfo && cinfo->contentTypeTag) 
+	                ? cinfo->contentTypeTag->offset 
+	                : SEC_OID_UNKNOWN;
+    switch (tag) {
     case SEC_OID_PKCS7_DATA:
     case SEC_OID_PKCS7_SIGNED_DATA:
     case SEC_OID_PKCS7_ENVELOPED_DATA:
@@ -230,22 +233,28 @@ SECItem *
 NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo)
 {
     NSSCMSContentInfo *ccinfo;
+    SECOidTag          tag;
+    SECItem           *pItem = NULL;
 
-    switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
+    tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+    switch (tag) {
     case SEC_OID_PKCS7_DATA:
-	return cinfo->content.data;	/* end of recursion - every message has to have a data cinfo */
+	/* end of recursion - every message has to have a data cinfo */
+	pItem = cinfo->content.data; 
+	break;
     case SEC_OID_PKCS7_DIGESTED_DATA:
     case SEC_OID_PKCS7_ENCRYPTED_DATA:
     case SEC_OID_PKCS7_ENVELOPED_DATA:
     case SEC_OID_PKCS7_SIGNED_DATA:
-	if ((ccinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) == NULL)
-	    break;
-	return NSS_CMSContentInfo_GetContent(ccinfo);
+	ccinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo);
+	if (ccinfo != NULL)
+	    pItem = NSS_CMSContentInfo_GetContent(ccinfo);
+	break;
     default:
 	PORT_Assert(0);
 	break;
     }
-    return NULL;
+    return pItem;
 }
 
 /*

diff --git a/security/nss/lib/smime/cmsmessage.c b/security/nss/lib/smime/cmsmessage.c
@@ -178,7 +178,9 @@ SECItem *
 NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg)
 {
     /* this is a shortcut */
-    return NSS_CMSContentInfo_GetInnerContent(NSS_CMSMessage_GetContentInfo(cmsg));
+    NSSCMSContentInfo * cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
+    SECItem           * pItem = NSS_CMSContentInfo_GetInnerContent(cinfo);
+    return pItem;
 }
 
 /*

diff --git a/security/nss/lib/smime/cmssigdata.c b/security/nss/lib/smime/cmssigdata.c
@@ -1028,8 +1028,10 @@ NSS_CMSSignedData_GetDigestValue(NSSCMSSignedData *sigd, SECOidTag digestalgtag)
         return NULL;
     }
 
-    if (sigd->digestAlgorithms == NULL)
+    if (sigd->digestAlgorithms == NULL || sigd->digests == NULL) {
+        PORT_SetError(SEC_ERROR_DIGEST_NOT_FOUND);
 	return NULL;
+    }
 
     n = NSS_CMSAlgArray_GetIndexByAlgTag(sigd->digestAlgorithms, digestalgtag);