Security-59306.61.1.tar.gz

[apple/security.git] / OSX / libsecurity_smime / lib / cmscipher.c

diff --git a/OSX/libsecurity_smime/lib/cmscipher.c b/OSX/libsecurity_smime/lib/cmscipher.c
index 02ec08733086aae3d30ae749e123587b4310b27c..d511920ace52f879b16d1b477e99afb8f3a0060c 100644 (file)
--- a/OSX/libsecurity_smime/lib/cmscipher.c
+++ b/OSX/libsecurity_smime/lib/cmscipher.c
@@ -102,9 +102,11 @@ DER_GetInteger(SECItem *it)
     unsigned char *cp = it->Data;
     unsigned long overflow = 0x1ffUL << (((sizeof(ival) - 1) * 8) - 1);
     unsigned long ofloinit;
+    bool isNegative = false;
 
-    if (*cp & 0x80)
-        ival = -1L;
+    if (*cp & 0x80) {
+        isNegative = true;
+    }
     ofloinit = ival & overflow;
 
     while (len) {
@@ -119,6 +121,10 @@ DER_GetInteger(SECItem *it)
         ival |= *cp++;
         --len;
     }
+
+    if (isNegative) {
+        ival *= -1L;
+    }
     return ival;
 }
 
@@ -283,6 +289,7 @@ SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorith
            newParams = SEC_ASN1EncodeItem (poolp, &algid->parameters, &rc2,
                                sec_rc2cbc_parameter_template);
            PORT_Free(rc2.rc2ParameterVersion.Data);
+            rc2.rc2ParameterVersion.Data = NULL;
            if (newParams == NULL)
                goto loser;
            break;
@@ -322,10 +329,12 @@ SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorith
                goto loser;
            if (initVector.Length != iv.Length) {
                PORT_Free(iv.Data);
+                iv.Data = NULL;
                goto loser;
            }
            memcpy(initVector.Data, iv.Data, initVector.Length);
            PORT_Free(iv.Data);
+            iv.Data = NULL;
            break;
        }
        case SEC_OID_RC2_CBC:
@@ -340,14 +349,18 @@ SecCmsCipherContextStart(PRArenaPool *poolp, SecSymmetricKeyRef key, SECAlgorith
 
            if (initVector.Length != rc2.iv.Length) {
                PORT_Free(rc2.iv.Data);
+                rc2.iv.Data = NULL;
                PORT_Free(rc2.rc2ParameterVersion.Data);
+                rc2.rc2ParameterVersion.Data = NULL;
                goto loser;
            }
            memcpy(initVector.Data, rc2.iv.Data, initVector.Length);
            PORT_Free(rc2.iv.Data);
+            rc2.iv.Data = NULL;
 
            ulEffectiveBits = rc2_map(&rc2.rc2ParameterVersion);
            PORT_Free(rc2.rc2ParameterVersion.Data);
+            rc2.rc2ParameterVersion.Data = NULL;
            if (ulEffectiveBits != cssmKey->KeyHeader.LogicalKeySizeInBits)
                goto loser;
            break;