Bug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple r=nss-reviewers,jschanck NSS_3_79_BRANCH NSS_3_79_BETA2
authorDennis Jackson <djackson@mozilla.com>
Fri, 20 May 2022 16:52:56 +0000
branchNSS_3_79_BRANCH
changeset 16218 82f9862369bd3f5864a2e16bb92cdabcab980c0c
parent 16216 f6fc6da74f9641e0c48d0aa13065b07c7ef7bc07
child 16219 5498a0531d732fa3d5702ac68f6ab2c3a6a21751
push id4145
push userdjackson@mozilla.com
push dateFri, 20 May 2022 17:13:27 +0000
reviewersnss-reviewers, jschanck
bugs1767590
Bug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple r=nss-reviewers,jschanck As NSS_CMSDigestContext_FinishMultiple may leave its outparam unchanged when it returns SECSuccess, ensure that we set the value to NULL prior to invoking it. If this has happened because data was missing and hence the digest was never updated, the secasn1d parser will notice the missing child and raise a decodeError. Differential Revision: https://phabricator.services.mozilla.com/D145425
cmd/smimetools/cmsutil.c
lib/smime/cmsdigest.c
--- a/cmd/smimetools/cmsutil.c
+++ b/cmd/smimetools/cmsutil.c
@@ -214,17 +214,17 @@ decode(FILE *out, SECItem *input, const 
         typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
 
         if (decodeOptions->headerLevel >= 0)
             fprintf(out, "\tlevel=%d.%d; ", decodeOptions->headerLevel, nlevels - i);
 
         switch (typetag) {
             case SEC_OID_PKCS7_SIGNED_DATA: {
                 NSSCMSSignedData *sigd = NULL;
-                SECItem **digests;
+                SECItem **digests = NULL;
                 int nsigners;
                 int j;
 
                 if (decodeOptions->headerLevel >= 0)
                     fprintf(out, "type=signedData; ");
                 sigd = (NSSCMSSignedData *)NSS_CMSContentInfo_GetContent(cinfo);
                 if (sigd == NULL) {
                     SECU_PrintError(progName, "signedData component missing");
--- a/lib/smime/cmsdigest.c
+++ b/lib/smime/cmsdigest.c
@@ -234,25 +234,25 @@ cleanup:
  * NSS_CMSDigestContext_FinishMultiple, but for one digest.
  */
 SECStatus
 NSS_CMSDigestContext_FinishSingle(NSSCMSDigestContext *cmsdigcx,
                                   PLArenaPool *poolp,
                                   SECItem *digest)
 {
     SECStatus rv = SECFailure;
-    SECItem **dp;
+    SECItem **dp = NULL;
     PLArenaPool *arena = NULL;
 
     if ((arena = PORT_NewArena(1024)) == NULL)
         goto loser;
 
     /* get the digests into arena, then copy the first digest into poolp */
     rv = NSS_CMSDigestContext_FinishMultiple(cmsdigcx, arena, &dp);
-    if (rv == SECSuccess) {
+    if (rv == SECSuccess && dp) {
         /* now copy it into poolp */
         rv = SECITEM_CopyItem(poolp, digest, dp[0]);
     }
 loser:
     if (arena)
         PORT_FreeArena(arena, PR_FALSE);
 
     return rv;