Bug 1507174 - Add additional null checks to other CMS functions r=mt
authorJ.C. Jones <jjones@mozilla.com>
Fri, 11 Jan 2019 22:33:16 -0700
changeset 14966 08d1b0c1117f7a9a5382440864e243ece0d1a7a3
parent 14965 5e70b72131ac28457b14cdc6100e8674409bbdd4
child 14978 dd9307191888b90ff1e16ca15f99b982941d03c1
push id3241
push userjjones@mozilla.com
push dateSun, 20 Jan 2019 00:41:34 +0000
reviewersmt
bugs1507174
Bug 1507174 - Add additional null checks to other CMS functions r=mt Differential review: https://phabricator.services.mozilla.com//D16383
lib/smime/cmscinfo.c
lib/smime/cmsdigdata.c
lib/smime/cmsencdata.c
lib/smime/cmsenvdata.c
lib/smime/cmsmessage.c
lib/smime/cmsudf.c
--- a/lib/smime/cmscinfo.c
+++ b/lib/smime/cmscinfo.c
@@ -46,16 +46,20 @@ nss_cmsContentInfo_private_destroy(NSSCM
 /*
  * NSS_CMSContentInfo_Destroy - destroy a CMS contentInfo and all of its sub-pieces.
  */
 void
 NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo)
 {
     SECOidTag kind;
 
+    if (cinfo == NULL) {
+        return;
+    }
+
     kind = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
     switch (kind) {
         case SEC_OID_PKCS7_ENVELOPED_DATA:
             NSS_CMSEnvelopedData_Destroy(cinfo->content.envelopedData);
             break;
         case SEC_OID_PKCS7_SIGNED_DATA:
             NSS_CMSSignedData_Destroy(cinfo->content.signedData);
             break;
@@ -81,16 +85,21 @@ NSS_CMSContentInfo_Destroy(NSSCMSContent
 
 /*
  * NSS_CMSContentInfo_GetChildContentInfo - get content's contentInfo (if it exists)
  */
 NSSCMSContentInfo *
 NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo)
 {
     NSSCMSContentInfo *ccinfo = NULL;
+
+    if (cinfo == NULL) {
+        return NULL;
+    }
+
     SECOidTag tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
     switch (tag) {
         case SEC_OID_PKCS7_SIGNED_DATA:
             if (cinfo->content.signedData != NULL) {
                 ccinfo = &(cinfo->content.signedData->contentInfo);
             }
             break;
         case SEC_OID_PKCS7_ENVELOPED_DATA:
@@ -122,16 +131,19 @@ NSS_CMSContentInfo_GetChildContentInfo(N
     }
     return ccinfo;
 }
 
 SECStatus
 NSS_CMSContentInfo_SetDontStream(NSSCMSContentInfo *cinfo, PRBool dontStream)
 {
     SECStatus rv;
+    if (cinfo == NULL) {
+        return SECFailure;
+    }
 
     rv = NSS_CMSContentInfo_Private_Init(cinfo);
     if (rv != SECSuccess) {
         /* default is streaming, failure to get ccinfo will not effect this */
         return dontStream ? SECFailure : SECSuccess;
     }
     cinfo->privateInfo->dontStream = dontStream;
     return SECSuccess;
@@ -140,25 +152,30 @@ NSS_CMSContentInfo_SetDontStream(NSSCMSC
 /*
  * NSS_CMSContentInfo_SetContent - set content type & content
  */
 SECStatus
 NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo,
                               SECOidTag type, void *ptr)
 {
     SECStatus rv;
+    if (cinfo == NULL || cmsg == NULL) {
+        return SECFailure;
+    }
 
     cinfo->contentTypeTag = SECOID_FindOIDByTag(type);
-    if (cinfo->contentTypeTag == NULL)
+    if (cinfo->contentTypeTag == NULL) {
         return SECFailure;
+    }
 
     /* do not copy the oid, just create a reference */
     rv = SECITEM_CopyItem(cmsg->poolp, &(cinfo->contentType), &(cinfo->contentTypeTag->oid));
-    if (rv != SECSuccess)
+    if (rv != SECSuccess) {
         return SECFailure;
+    }
 
     cinfo->content.pointer = ptr;
 
     if (NSS_CMSType_IsData(type) && ptr) {
         cinfo->rawContent = ptr;
     } else {
         /* as we always have some inner data,
      * we need to set it to something, just to fool the encoder enough to work on it
@@ -180,18 +197,19 @@ NSS_CMSContentInfo_SetContent(NSSCMSMess
 /*
  * data == NULL -> pass in data via NSS_CMSEncoder_Update
  * data != NULL -> take this data
  */
 SECStatus
 NSS_CMSContentInfo_SetContent_Data(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo,
                                    SECItem *data, PRBool detached)
 {
-    if (NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_DATA, (void *)data) != SECSuccess)
+    if (NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_DATA, (void *)data) != SECSuccess) {
         return SECFailure;
+    }
     if (detached) {
         cinfo->rawContent = NULL;
     }
 
     return SECSuccess;
 }
 
 SECStatus
@@ -225,16 +243,20 @@ NSS_CMSContentInfo_SetContent_EncryptedD
 /*
  * NSS_CMSContentInfo_GetContent - get pointer to inner content
  *
  * needs to be casted...
  */
 void *
 NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo)
 {
+    if (cinfo == NULL) {
+        return NULL;
+    }
+
     SECOidTag tag = cinfo->contentTypeTag
                         ? cinfo->contentTypeTag->offset
                         : SEC_OID_UNKNOWN;
     switch (tag) {
         case SEC_OID_PKCS7_DATA:
         case SEC_OID_PKCS7_SIGNED_DATA:
         case SEC_OID_PKCS7_ENVELOPED_DATA:
         case SEC_OID_PKCS7_DIGESTED_DATA:
@@ -255,16 +277,20 @@ NSS_CMSContentInfo_GetContent(NSSCMSCont
 
 SECItem *
 NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo)
 {
     NSSCMSContentInfo *ccinfo;
     SECOidTag tag;
     SECItem *pItem = NULL;
 
+    if (cinfo == NULL) {
+        return NULL;
+    }
+
     tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
     if (NSS_CMSType_IsData(tag)) {
         pItem = cinfo->content.data;
     } else if (NSS_CMSType_IsWrapper(tag)) {
         ccinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo);
         if (ccinfo != NULL) {
             pItem = NSS_CMSContentInfo_GetContent(ccinfo);
         }
@@ -277,99 +303,141 @@ NSS_CMSContentInfo_GetInnerContent(NSSCM
 
 /*
  * NSS_CMSContentInfo_GetContentType{Tag,OID} - find out (saving pointer to lookup result
  * for future reference) and return the inner content type.
  */
 SECOidTag
 NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo)
 {
+    if (cinfo == NULL) {
+        return SEC_OID_UNKNOWN;
+    }
+
     if (cinfo->contentTypeTag == NULL)
         cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
 
     if (cinfo->contentTypeTag == NULL)
         return SEC_OID_UNKNOWN;
 
     return cinfo->contentTypeTag->offset;
 }
 
 SECItem *
 NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo)
 {
-    if (cinfo->contentTypeTag == NULL)
-        cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
+    if (cinfo == NULL) {
+        return NULL;
+    }
 
-    if (cinfo->contentTypeTag == NULL)
+    if (cinfo->contentTypeTag == NULL) {
+        cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
+    }
+
+    if (cinfo->contentTypeTag == NULL) {
         return NULL;
+    }
 
     return &(cinfo->contentTypeTag->oid);
 }
 
 /*
  * NSS_CMSContentInfo_GetContentEncAlgTag - find out (saving pointer to lookup result
  * for future reference) and return the content encryption algorithm tag.
  */
 SECOidTag
 NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo)
 {
-    if (cinfo->contentEncAlgTag == SEC_OID_UNKNOWN)
+    if (cinfo == NULL) {
+        return SEC_OID_UNKNOWN;
+    }
+
+    if (cinfo->contentEncAlgTag == SEC_OID_UNKNOWN) {
         cinfo->contentEncAlgTag = SECOID_GetAlgorithmTag(&(cinfo->contentEncAlg));
+    }
 
     return cinfo->contentEncAlgTag;
 }
 
 /*
  * NSS_CMSContentInfo_GetContentEncAlg - find out and return the content encryption algorithm tag.
  */
 SECAlgorithmID *
 NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo)
 {
+    if (cinfo == NULL) {
+        return NULL;
+    }
+
     return &(cinfo->contentEncAlg);
 }
 
 SECStatus
 NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
                                     SECOidTag bulkalgtag, SECItem *parameters, int keysize)
 {
     SECStatus rv;
+    if (cinfo == NULL) {
+        return SECFailure;
+    }
 
     rv = SECOID_SetAlgorithmID(poolp, &(cinfo->contentEncAlg), bulkalgtag, parameters);
-    if (rv != SECSuccess)
+    if (rv != SECSuccess) {
         return SECFailure;
+    }
     cinfo->keysize = keysize;
     return SECSuccess;
 }
 
 SECStatus
 NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
                                       SECAlgorithmID *algid, int keysize)
 {
     SECStatus rv;
+    if (cinfo == NULL) {
+        return SECFailure;
+    }
 
     rv = SECOID_CopyAlgorithmID(poolp, &(cinfo->contentEncAlg), algid);
-    if (rv != SECSuccess)
+    if (rv != SECSuccess) {
         return SECFailure;
-    if (keysize >= 0)
+    }
+    if (keysize >= 0) {
         cinfo->keysize = keysize;
+    }
     return SECSuccess;
 }
 
 void
 NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey)
 {
-    cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey);
-    cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg));
+    if (cinfo == NULL) {
+        return;
+    }
+
+    if (bulkkey == NULL) {
+        cinfo->bulkkey = NULL;
+        cinfo->keysize = 0;
+    } else {
+        cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey);
+        cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg));
+    }
 }
 
 PK11SymKey *
 NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo)
 {
-    if (cinfo->bulkkey == NULL)
+    if (cinfo == NULL || cinfo->bulkkey == NULL) {
         return NULL;
+    }
 
     return PK11_ReferenceSymKey(cinfo->bulkkey);
 }
 
 int
 NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo)
 {
+    if (cinfo == NULL) {
+        return 0;
+    }
+
     return cinfo->keysize;
 }
--- a/lib/smime/cmsdigdata.c
+++ b/lib/smime/cmsdigdata.c
@@ -51,17 +51,19 @@ loser:
 
 /*
  * NSS_CMSDigestedData_Destroy - destroy a digestedData object
  */
 void
 NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd)
 {
     /* everything's in a pool, so don't worry about the storage */
-    NSS_CMSContentInfo_Destroy(&(digd->contentInfo));
+    if (digd != NULL) {
+        NSS_CMSContentInfo_Destroy(&(digd->contentInfo));
+    }
     return;
 }
 
 /*
  * NSS_CMSDigestedData_GetContentInfo - return pointer to digestedData object's contentInfo
  */
 NSSCMSContentInfo *
 NSS_CMSDigestedData_GetContentInfo(NSSCMSDigestedData *digd)
--- a/lib/smime/cmsencdata.c
+++ b/lib/smime/cmsencdata.c
@@ -82,17 +82,19 @@ loser:
 
 /*
  * NSS_CMSEncryptedData_Destroy - destroy an encryptedData object
  */
 void
 NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd)
 {
     /* everything's in a pool, so don't worry about the storage */
-    NSS_CMSContentInfo_Destroy(&(encd->contentInfo));
+    if (encd != NULL) {
+        NSS_CMSContentInfo_Destroy(&(encd->contentInfo));
+    }
     return;
 }
 
 /*
  * NSS_CMSEncryptedData_GetContentInfo - return pointer to encryptedData object's contentInfo
  */
 NSSCMSContentInfo *
 NSS_CMSEncryptedData_GetContentInfo(NSSCMSEncryptedData *encd)
--- a/lib/smime/cmsenvdata.c
+++ b/lib/smime/cmsenvdata.c
@@ -139,16 +139,21 @@ NSS_CMSEnvelopedData_Encode_BeforeStart(
     PLArenaPool *poolp;
     extern const SEC_ASN1Template NSSCMSRecipientInfoTemplate[];
     void *mark = NULL;
     int i;
 
     poolp = envd->cmsg->poolp;
     cinfo = &(envd->contentInfo);
 
+    if (cinfo == NULL) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        goto loser;
+    }
+
     recipientinfos = envd->recipientInfos;
     if (recipientinfos == NULL) {
         PORT_SetError(SEC_ERROR_BAD_DATA);
 #if 0
     PORT_SetErrorString("Cannot find recipientinfos to encode.");
 #endif
         goto loser;
     }
--- a/lib/smime/cmsmessage.c
+++ b/lib/smime/cmsmessage.c
@@ -91,16 +91,19 @@ NSS_CMSMessage_SetEncodingParams(NSSCMSM
 }
 
 /*
  * NSS_CMSMessage_Destroy - destroy a CMS message and all of its sub-pieces.
  */
 void
 NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg)
 {
+    if (cmsg == NULL)
+        return;
+
     PORT_Assert(cmsg->refCount > 0);
     if (cmsg->refCount <= 0) { /* oops */
         return;
     }
 
     cmsg->refCount--; /* thread safety? */
     if (cmsg->refCount > 0) {
         return;
--- a/lib/smime/cmsudf.c
+++ b/lib/smime/cmsudf.c
@@ -234,17 +234,17 @@ NSS_CMSType_GetContentSize(SECOidTag typ
     return sizeof(SECItem *);
 }
 
 void
 NSS_CMSGenericWrapperData_Destroy(SECOidTag type, NSSCMSGenericWrapperData *gd)
 {
     const nsscmstypeInfo *typeInfo = nss_cmstype_lookup(type);
 
-    if (typeInfo && typeInfo->destroy) {
+    if (typeInfo && (typeInfo->destroy) && (gd != NULL)) {
         (*typeInfo->destroy)(gd);
     }
 }
 
 SECStatus
 NSS_CMSGenericWrapperData_Decode_BeforeData(SECOidTag type,
                                             NSSCMSGenericWrapperData *gd)
 {