Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-02 10:00:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

In lib/smime, detect null pointers returned by various functions.

Browse Source 
Christian Kaiser fixed the test script to pass the right directory name
to the test program.  The test script echoes all the cmsutil test
commands so that the error messages are associated with the proper one.
And cmsutil now puts its name on the front of its error messages.
This commit is contained in:
nelsonb%netscape.com 2000-10-06 23:26:12 +00:00
parent 14eac23573
commit 5d154d8d5f
5 changed files with 42 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
security/nss/cmd/smimetools/cmsutil.c
View File

@ -34,7 +34,7 @@
/*
* cmsutil -- A command to work with CMS data
*
* $Id: cmsutil.c,v 1.10 2000/10/06 21:45:01 nelsonb%netscape.com Exp $
* $Id: cmsutil.c,v 1.11 2000/10/06 23:26:08 nelsonb%netscape.com Exp $
*/
#include "nspr.h"
@ -261,7 +261,7 @@ decode(FILE *out, SECItem *output, SECItem *input,
/* if we have a content file, but no digests for this signedData */
if (decodeOptions.contentFile != NULL && !NSS_CMSSignedData_HasDigests(sigd)) {
if ((poolp = PORT_NewArena(1024)) == NULL) {
fprintf(stderr, "Out of memory.\n");
fprintf(stderr, "cmsutil: Out of memory.\n");
goto loser;
}
digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd);
@ -306,7 +306,7 @@ decode(FILE *out, SECItem *output, SECItem *input,
decodeOptions.options->certHandle,
decodeOptions.options->certUsage);
if (rv != SECSuccess) {
fprintf(stderr, "Verify certs-only failed!\n");
fprintf(stderr, "cmsutil: Verify certs-only failed!\n");
goto loser;
}
return cmsg;

16
security/nss/lib/smime/cmsenvdata.c
View File

@ -34,7 +34,7 @@
/*
* CMS envelopedData methods.
*
* $Id: cmsenvdata.c,v 1.2 2000/06/13 21:56:29 chrisk%netscape.com Exp $
* $Id: cmsenvdata.c,v 1.3 2000/10/06 23:26:10 nelsonb%netscape.com Exp $
*/
#include "cmslocal.h"
@ -316,6 +316,7 @@ NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd)
SECStatus rv = SECFailure;
NSSCMSContentInfo *cinfo;
NSSCMSRecipient **recipient_list;
NSSCMSRecipient *recipient;
int rlIndex;
if (NSS_CMSArray_Count((void **)envd->recipientInfos) == 0) {
@ -347,14 +348,19 @@ NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd)
goto loser;
}
recipient = recipient_list[rlIndex];
if (!recipient->cert || !recipient->privkey) {
/* XXX should set an error code ?!? */
goto loser;
}
/* get a pointer to "our" recipientinfo */
ri = envd->recipientInfos[recipient_list[rlIndex]->riIndex];
ri = envd->recipientInfos[recipient->riIndex];
cinfo = &(envd->contentInfo);
bulkalgtag = NSS_CMSContentInfo_GetContentEncAlgTag(cinfo);
bulkkey = NSS_CMSRecipientInfo_UnwrapBulkKey(ri,recipient_list[rlIndex]->subIndex,
recipient_list[rlIndex]->cert,
recipient_list[rlIndex]->privkey,
bulkkey = NSS_CMSRecipientInfo_UnwrapBulkKey(ri,recipient->subIndex,
recipient->cert,
recipient->privkey,
bulkalgtag);
if (bulkkey == NULL) {
/* no success finding a bulk key */

7
security/nss/lib/smime/cmsrecinfo.c
View File

@ -34,7 +34,7 @@
/*
* CMS recipientInfo methods.
*
* $Id: cmsrecinfo.c,v 1.2 2000/06/13 21:56:30 chrisk%netscape.com Exp $
* $Id: cmsrecinfo.c,v 1.3 2000/10/06 23:26:10 nelsonb%netscape.com Exp $
*/
#include "cmslocal.h"
@ -352,7 +352,8 @@ NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey, S
}
PK11SymKey *
NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag)
NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag)
{
PK11SymKey *bulkkey = NULL;
SECAlgorithmID *encalg;
@ -360,7 +361,7 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, CERTCe
SECItem *enckey;
int error;
ri->cert = cert; /* mark the recipientInfo so we can find it later */
ri->cert = cert; /* mark the recipientInfo so we can find it later */
switch (ri->recipientInfoType) {
case NSSCMSRecipientInfoID_KeyTrans:

10
security/nss/lib/smime/cmssigdata.c
View File

@ -34,7 +34,7 @@
/*
* CMS signedData methods.
*
* $Id: cmssigdata.c,v 1.9 2000/09/15 20:23:26 mcgreer%netscape.com Exp $
* $Id: cmssigdata.c,v 1.10 2000/10/06 23:26:10 nelsonb%netscape.com Exp $
*/
#include "cmslocal.h"
@ -527,17 +527,23 @@ NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd,
CERTCertificate *cert;
SECStatus rv = SECSuccess;
int i;
int count;
if (!sigd || !certdb || !sigd->rawCerts) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
for (i=0; i < NSS_CMSArray_Count((void**)sigd->rawCerts); i++) {
count = NSS_CMSArray_Count((void**)sigd->rawCerts);
for (i=0; i < count; i++) {
if (sigd->certs && sigd->certs[i]) {
cert = sigd->certs[i];
} else {
cert = CERT_FindCertByDERCert(certdb, sigd->rawCerts[i]);
if (!cert) {
rv = SECFailure;
break;
}
}
rv |= CERT_VerifyCert(certdb, cert, PR_TRUE, usage, PR_Now(),
NULL, NULL);

17
security/nss/tests/smime/smime.sh
View File

@ -190,32 +190,42 @@ echo "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" >> ${RESULT
cd ${SMIMEDIR}
cp ${CURDIR}/alice.txt ${SMIMEDIR}
# Test basic signed and enveloped messages from 1 --> 2
echo "cmsutil -S -N Alice -i alice.txt -d ${ALICEDIR} -p nss -o alice.sig"
cmsutil -S -N Alice -i alice.txt -d ${ALICEDIR} -p nss -o alice.sig
if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Create Signature Alice"}
fi
echo "cmsutil -D -i alice.sig -d ${BOBDIR} -o alice.data1"
cmsutil -D -i alice.sig -d ${BOBDIR} -o alice.data1
if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Decode Alice's Signature"}
fi
echo "diff alice.txt alice.data1"
diff alice.txt alice.data1
if [ $? -ne 0 ]; then
echo "Signing attached message Failed ($CMSFAILED)"
echo "<TR><TD>Signing attached message</TD><TD bgcolor=red>Failed ($CMSFAILED)</TD><TR>" >> ${RESULTS}
else
echo "Signing attached message Passed"
echo "<TR><TD>Signing attached message</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
fi
echo "cmsutil -E -r bob@bogus.com -i alice.txt -d ${ALICEDIR} -p nss -o alice.env"
cmsutil -E -r bob@bogus.com -i alice.txt -d ${ALICEDIR} -p nss -o alice.env
if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Create Enveloped Data Alice"}
fi
echo "cmsutil -D -i alice.env -d ${BOBDIR} -p nss -o alice.data1"
cmsutil -D -i alice.env -d ${BOBDIR} -p nss -o alice.data1
if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Decode Enveloped Data Alice"}
fi
echo "diff alice.txt alice.data1"
diff alice.txt alice.data1
if [ $? -ne 0 ]; then
echo "Enveloped Data Failed ($CMSFAILED)"
echo "<TR><TD>Enveloped Data</TD><TD bgcolor=red>Failed ($CMSFAILED)</TD><TR>" >> ${RESULTS}
else
echo "Enveloped Data Passed"
echo "<TR><TD>Enveloped Data</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
fi
# multiple recip
@ -228,13 +238,16 @@ cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" -d ${ALICEDIR} > co.der
if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Create Certs-Only Alice"}
fi
cmsutil -D -i co.der -d ${CADIR}
echo "cmsutil -D -i co.der -d ${BOBDIR}"
cmsutil -D -i co.der -d ${BOBDIR}
if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Verify Certs-Only by CA"}
fi
if [ -n "${CMSFAILED}" ]; then
echo "Sending certs-only message Failed ($CMSFAILED)"
echo "<TR><TD>Sending certs-only message</TD><TD bgcolor=red>Failed ($CMSFAILED)</TD><TR>" >> ${RESULTS}
else
echo "Sending certs-only message Passed"
echo "<TR><TD>Sending certs-only message</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
fi
echo "cmsutil -C -i alice.txt -e alicehello.env -d ${ALICEDIR} -r \"bob@bogus.com\" > alice.enc"
@ -254,8 +267,10 @@ if [ $? -ne 0 ]; then
CMSFAILED=${CMSFAILED-"Decode Encrypted-Data"}
fi
if [ -n "${CMSFAILED}" ]; then
echo "Encrypted-Data message Failed ($CMSFAILED)"
echo "<TR><TD>Encrypted-Data message</TD><TD bgcolor=red>Failed ($CMSFAILED)</TD><TR>" >> ${RESULTS}
else
echo "Encrypted-Data message Passed"
echo "<TR><TD>Encrypted-Data message</TD><TD bgcolor=lightGreen>Passed</TD><TR>" >> ${RESULTS}
fi