Bug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple r=nss-reviewers,jschanck
authorDennis Jackson <djackson@mozilla.com>
Fri, 20 May 2022 16:52:56 +0000
changeset 16217 8bb2f26245b91be5e51a0278cf446814d620e05b
parent 16215 2efccbd85918ac0a404340ece219b6f2824ff87a
child 16220 ad1046e9eee5f5dc17dac7c9343e2f7f0da44b4e
push id4144
push userdjackson@mozilla.com
push dateFri, 20 May 2022 16:55:04 +0000
reviewersnss-reviewers, jschanck
bugs1767590
Bug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple r=nss-reviewers,jschanck As NSS_CMSDigestContext_FinishMultiple may leave its outparam unchanged when it returns SECSuccess, ensure that we set the value to NULL prior to invoking it. If this has happened because data was missing and hence the digest was never updated, the secasn1d parser will notice the missing child and raise a decodeError. Differential Revision: https://phabricator.services.mozilla.com/D145425
cmd/smimetools/cmsutil.c
lib/smime/cmsdigest.c
--- a/cmd/smimetools/cmsutil.c
+++ b/cmd/smimetools/cmsutil.c
@@ -214,17 +214,17 @@ decode(FILE *out, SECItem *input, const 
         typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
 
         if (decodeOptions->headerLevel >= 0)
             fprintf(out, "\tlevel=%d.%d; ", decodeOptions->headerLevel, nlevels - i);
 
         switch (typetag) {
             case SEC_OID_PKCS7_SIGNED_DATA: {
                 NSSCMSSignedData *sigd = NULL;
-                SECItem **digests;
+                SECItem **digests = NULL;
                 int nsigners;
                 int j;
 
                 if (decodeOptions->headerLevel >= 0)
                     fprintf(out, "type=signedData; ");
                 sigd = (NSSCMSSignedData *)NSS_CMSContentInfo_GetContent(cinfo);
                 if (sigd == NULL) {
                     SECU_PrintError(progName, "signedData component missing");
--- a/lib/smime/cmsdigest.c
+++ b/lib/smime/cmsdigest.c
@@ -234,25 +234,25 @@ cleanup:
  * NSS_CMSDigestContext_FinishMultiple, but for one digest.
  */
 SECStatus
 NSS_CMSDigestContext_FinishSingle(NSSCMSDigestContext *cmsdigcx,
                                   PLArenaPool *poolp,
                                   SECItem *digest)
 {
     SECStatus rv = SECFailure;
-    SECItem **dp;
+    SECItem **dp = NULL;
     PLArenaPool *arena = NULL;
 
     if ((arena = PORT_NewArena(1024)) == NULL)
         goto loser;
 
     /* get the digests into arena, then copy the first digest into poolp */
     rv = NSS_CMSDigestContext_FinishMultiple(cmsdigcx, arena, &dp);
-    if (rv == SECSuccess) {
+    if (rv == SECSuccess && dp) {
         /* now copy it into poolp */
         rv = SECITEM_CopyItem(poolp, digest, dp[0]);
     }
 loser:
     if (arena)
         PORT_FreeArena(arena, PR_FALSE);
 
     return rv;